General
-
Target
PAP46E1UkZ.exe
-
Size
17.0MB
-
Sample
241101-sd5jpstkhm
-
MD5
7e7f847852a496950c77e1447db6707f
-
SHA1
d61640d53fc5bb541b21cfe47c73783a742096af
-
SHA256
5016c0cc22b287f5d5e87f0edb0983c1fd3dc186afdb0e65348840dbad164904
-
SHA512
9ac0fb19500dda91c3aab9637dc79066987129605885a5c3c0e89d0919bf0c486f0ad1446119f716395a2a7d37157c33b7027823f072a0e888353b3905036e2c
-
SSDEEP
393216:k9Yibm3W8kyFDfDg6c6Wz19PHE3+d9OUFwN1so:k9YibyW8DFb0VTz1RkOd9p6Ao
Behavioral task
behavioral1
Sample
PAP46E1UkZ.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
PAP46E1UkZ.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
WindowsLibrary.pyc
Resource
win7-20241023-en
Behavioral task
behavioral4
Sample
WindowsLibrary.pyc
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
PAP46E1UkZ.exe
-
Size
17.0MB
-
MD5
7e7f847852a496950c77e1447db6707f
-
SHA1
d61640d53fc5bb541b21cfe47c73783a742096af
-
SHA256
5016c0cc22b287f5d5e87f0edb0983c1fd3dc186afdb0e65348840dbad164904
-
SHA512
9ac0fb19500dda91c3aab9637dc79066987129605885a5c3c0e89d0919bf0c486f0ad1446119f716395a2a7d37157c33b7027823f072a0e888353b3905036e2c
-
SSDEEP
393216:k9Yibm3W8kyFDfDg6c6Wz19PHE3+d9OUFwN1so:k9YibyW8DFb0VTz1RkOd9p6Ao
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
WindowsLibrary.pyc
-
Size
29KB
-
MD5
19fc456328db992d701fc83ab0dab8b6
-
SHA1
32fa35f716455919dac545a5a921508cdabff962
-
SHA256
0185fdcd6bd61de344e85dee5b589306b5987f22fdf89758518cd24a42461d49
-
SHA512
6ca2b152a5270bc238b1cb53528faa9d7b8c78f2387598a09ca8a161108326eebaa2eaad0819dff4f7d73bb202943e0d8afafd0e311bdd2eb7b29bf3ae10a224
-
SSDEEP
768:DWv3NxFFcIxhYdZ78/bolzcV428iFuQV5hqy12:De3HpYdZ78zoIqMuQV5S
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3