General

  • Target

    main.exe

  • Size

    17.9MB

  • Sample

    241101-1hmhpatqas

  • MD5

    f85c7a5aefdbe7c85ee6363991904589

  • SHA1

    f28ef5fe2d534049a8c4a8f981b8599e2532d901

  • SHA256

    d6852ef7536374c41c97e5a440ed05457bab1f05dd8e89964bc020ed8b5af74e

  • SHA512

    e542a4f07408864dffdb397035b3948cd9243627dea2346d496d4dd7eeb7df47151bc11f2374edda91f6db90c674b0a9c698b409bf7c3378037f2d333091ad04

  • SSDEEP

    393216:EqPnLFXlrzQMDOETgsvfGKRgdM2mvEaQNRWtKtqo:lPLFXNzQREBc5TTW7o
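
Before spending time on a sample, confirm that the file in hand is the one this report describes. The script below is an added example, not part of the report or of the sandbox's own tooling: it streams a file through the four digest algorithms listed above and compares each against the report's values (copied verbatim into REPORT_HASHES). ssdeep is left out because it is not in the Python standard library; use the separate `ssdeep` package if you need fuzzy-hash comparison.

```python
import hashlib

# Digests copied from the report above for main.exe.
REPORT_HASHES = {
    "md5": "f85c7a5aefdbe7c85ee6363991904589",
    "sha1": "f28ef5fe2d534049a8c4a8f981b8599e2532d901",
    "sha256": "d6852ef7536374c41c97e5a440ed05457bab1f05dd8e89964bc020ed8b5af74e",
    "sha512": "e542a4f07408864dffdb397035b3948cd9243627dea2346d496d4dd7eeb7df47"
              "151bc11f2374edda91f6db90c674b0a9c698b409bf7c3378037f2d333091ad04",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict[str, str]:
    """Lowercase hex digests of an in-memory buffer for the four report algorithms."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str) -> dict[str, str]:
    """Hash a file on disk, feeding every chunk to all four hashers in one pass.

    Samples can be large (this one is 17.9MB), so the file is never read whole.
    """
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def verify_sample(actual: dict[str, str], expected: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm match result, compared case-insensitively.

    A mismatch on any algorithm means the file is not the one the report
    describes (re-download, or treat it as a different sample).
    """
    return {
        alg: actual.get(alg, "").lower() == digest.lower()
        for alg, digest in expected.items()
    }


if __name__ == "__main__":
    import sys

    result = verify_sample(hash_file(sys.argv[1]), REPORT_HASHES)
    for alg, ok in result.items():
        print(f"{alg:7} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

Run it as `python verify_hashes.py main.exe`; a non-zero exit code means at least one digest differs from the report.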

Targets

    • Target

      main.exe

    • Loads dropped DLL

      The process writes a DLL to disk during the run and then loads it; analyse the dropped file separately, since it may carry the actual payload.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and session tokens.

    • Adds Run key to start application

      Registers itself under a Run key in the registry so that it is launched again at the next logon (persistence).

    • Legitimate hosting services abused for malware hosting/C2

      Network traffic goes to a legitimate hosting or file-sharing service, which blends payload retrieval or C2 in with ordinary traffic and makes blocking by domain unreliable.

    • Looks up external IP address via web service

      Queries a legitimate IP lookup service to learn the infected system's public IP address.

    • UPX packed file

      The executable is packed with UPX or a modified UPX build (an open-source packer). Unpack it before static analysis; modified builds often rename the stock UPX section headers, so do not rely on section names alone.
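
The "UPX packed file" verdict above is a signature match; when triaging a sample yourself you will want to reproduce it and cover the modified-UPX case the signature mentions. The code below is an added example and not the sandbox's detection logic: it parses the PE section table by hand (no third-party PE library), looks for the stock UPX0/UPX1 section names and the "UPX!" marker string that unmodified UPX writes into packed files, and, because a modified build may rename its sections, also flags sections whose raw data has near-maximal Shannon entropy. The `build_fake_pe` helper constructs a minimal fake PE purely so the example runs offline; the 7.0 entropy threshold and 1024-byte minimum section size are heuristics chosen here, not values from the report.

```python
import math
import struct
from collections import Counter

# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PtrRelocs, PtrLinenums, NumRelocs, NumLinenums, Characteristics
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")


def pe_sections(data: bytes) -> list[tuple[str, int, int]]:
    """Parse the section table; return (name, raw_offset, raw_size) per section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad PE signature")
    coff = e_lfanew + 4                     # start of the 20-byte COFF file header
    if coff + 20 > len(data):
        raise ValueError("truncated COFF header")
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt            # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER.size
        if off + SECTION_HEADER.size > len(data):
            raise ValueError("truncated section table")
        name, _vsize, _va, raw_size, raw_off, *_ = SECTION_HEADER.unpack_from(data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_off, raw_size))
    return sections


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for uniform data, 8.0 for random)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def upx_indicators(data: bytes, entropy_threshold: float = 7.0, min_size: int = 1024) -> dict:
    """Collect the three signals: stock section names, the UPX! marker, high-entropy sections."""
    sections = pe_sections(data)
    return {
        "upx_section_names": [n for n, _, _ in sections if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
        "high_entropy_sections": [
            n for n, off, size in sections
            if size >= min_size and entropy(data[off:off + size]) > entropy_threshold
        ],
    }


def looks_upx_packed(data: bytes) -> bool:
    """True only on the explicit UPX markers; entropy alone is a hint, not a verdict."""
    ind = upx_indicators(data)
    return bool(ind["upx_section_names"] or ind["upx_magic"])


def build_fake_pe(sections: list[tuple[str, bytes]]) -> bytes:
    """Constructed test input: DOS header, COFF header, zeroed PE32 optional header,
    section table and raw section data. Not loadable, just enough for the parser."""
    n, size_opt = len(sections), 224
    headers_len = 0x40 + 4 + 20 + size_opt + n * SECTION_HEADER.size
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, size_opt, 0x102)
    table, body, off = b"", b"", headers_len
    for name, raw in sections:
        table += SECTION_HEADER.pack(name.encode().ljust(8, b"\0"), len(raw), 0x1000,
                                     len(raw), off, 0, 0, 0, 0, 0x60000020)
        body += raw
        off += len(raw)
    return bytes(dos) + b"PE\0\0" + coff + bytes(size_opt) + table + body
```

On a real sample, `upx_indicators(open("main.exe", "rb").read())` reports all three signals; a file with renamed sections and no "UPX!" string but a single large section of entropy near 8 should still be treated as packed and unpacked (or dumped from memory) before static analysis.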

MITRE ATT&CK Enterprise v15
