General

  • Target

    XSpammer 2.exe

  • Size

    37.7MB

  • Sample

    241031-xg379ssfmr

  • MD5

    ae49f74a45723092b3c286ebc594e552

  • SHA1

    4a08d40a693767b81c5e67beb9892ce24c34f099

  • SHA256

    50f9b2cefe9dc7c1221116abca8f731f80ff38ec853079e91ebc0f970282f394

  • SHA512

    e1b3aa821a4c464005fcf694c1092e42bc87066cb8b9e63003b17efb0ed6685642c10b5742996471937fde63dbca5bd4347e715c65975d51dce464cb01e6ce45

  • SSDEEP

    393216:xQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgq96l+ZArYsFRl81Q:x3on1HvSzxAMNqFZArYsKPvk7OZWnNh

Malware Config

Targets

    • Target

      XSpammer 2.exe

    • UAC bypass

    • Command and Scripting Interpreter: PowerShell

      Spawns powershell.exe to run commands.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials and cookies.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • An obfuscated cmd.exe command-line is typically used to evade detection.

    • Drops file in System32 directory

    • Enumerates processes with tasklist
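The behaviours above are described only by their signature names, so a reader cannot see what telemetry would actually trip them. The following is an added example, not code from the report or from the sandbox that produced it: a small Python triage script that runs the same kind of rules over constructed EDR-style events. The Uninstall key path comes from the report's own description; the location check is assumed to read HKCU\Control Panel\International\Geo, the Run key path, the parent-process logic and the cmd.exe obfuscation heuristic are assumptions, and every path, SID and command line in the sample events is invented.

```python
import re
from typing import Callable, Dict, List

Event = Dict[str, str]

# Constructed telemetry (not real output from the sample): generic EDR/sandbox-style
# records of type "process" (image, parent, cmdline), "reg_read" (key/value read) and
# "reg_set" (value written). Sysmon does not log registry reads, so the reg_read rows
# assume an API-tracing source. Only the file name is the report's; every path, SID
# and command line below is invented for this example.
SAMPLE = r"C:\Users\victim\Downloads\XSpammer 2.exe"
EVENTS: List[Event] = [
    {"type": "process", "image": SAMPLE, "parent": r"C:\Windows\explorer.exe",
     "cmdline": f'"{SAMPLE}"'},
    {"type": "reg_read", "image": SAMPLE,
     "target": r"HKU\S-1-5-21-1000\Control Panel\International\Geo\Nation"},
    {"type": "reg_read", "image": SAMPLE,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"},
    {"type": "reg_set", "image": SAMPLE,
     "target": r"HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"type": "process", "image": r"C:\Windows\System32\tasklist.exe", "parent": SAMPLE,
     "cmdline": "tasklist /fo csv"},
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": SAMPLE, "cmdline": "powershell.exe -nop -w hidden -c Get-Process"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe", "parent": SAMPLE,
     "cmdline": r"cmd.exe /c set a=whoami&&call %a:~0,6%"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "cmd.exe /c dir"},
]

# Assumed key paths: Geo\Nation is where Windows stores the configured country (GeoID);
# Uninstall is the key the report itself names; Run/RunOnce are the classic autostart keys.
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
RUN_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Crude DOSfuscation heuristic (assumption): heavy caret escaping or %var:~n,m% /
# !var:~n,m! substring expansion in a cmd.exe command line.
OBFUSCATED_CMD_RE = re.compile(r"\^.*\^.*\^|%[^%]+:~|!\w+:~")


def child_of_sample(e: Event, image_name: str) -> bool:
    """True for a process event in which the sample spawned the named executable."""
    return (e["type"] == "process" and e["parent"] == SAMPLE
            and e["image"].lower().endswith("\\" + image_name))


def is_obfuscated_cmd(e: Event) -> bool:
    """True for a cmd.exe launch whose command line matches the obfuscation heuristic."""
    return (e["type"] == "process" and e["image"].lower().endswith("\\cmd.exe")
            and OBFUSCATED_CMD_RE.search(e["cmdline"]) is not None)


# Signature name (as the report labels it) -> predicate over one event.
RULES: Dict[str, Callable[[Event], bool]] = {
    "Checks computer location settings":
        lambda e: e["type"] == "reg_read" and bool(GEO_RE.search(e["target"])),
    "Checks installed software on the system":
        lambda e: e["type"] == "reg_read" and bool(UNINSTALL_RE.search(e["target"])),
    "Adds Run key to start application":
        lambda e: e["type"] == "reg_set" and bool(RUN_RE.search(e["target"])),
    "Enumerates processes with tasklist":
        lambda e: child_of_sample(e, "tasklist.exe"),
    "Command and Scripting Interpreter: PowerShell":
        lambda e: child_of_sample(e, "powershell.exe"),
    "Obfuscated cmd.exe command-line":
        is_obfuscated_cmd,
}


def analyze(events: List[Event]) -> Dict[str, List[int]]:
    """Return {signature: [indices of matching events]} for every signature that fired."""
    hits: Dict[str, List[int]] = {}
    for i, e in enumerate(events):
        for name, pred in RULES.items():
            if pred(e):
                hits.setdefault(name, []).append(i)
    return hits


if __name__ == "__main__":
    for name, idx in analyze(EVENTS).items():
        print(f"{name}: events {idx}")
```

The last event (cmd.exe /c dir launched by explorer.exe) fires nothing: the parent-process condition keeps ordinary user activity from matching the tasklist and PowerShell rules, and the plain command line fails the obfuscation heuristic. Real telemetry will need the same parent/child context, since none of these registry keys or utilities is suspicious on its own.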

MITRE ATT&CK Enterprise v15

Tasks