General

  • Target: PAP46E1UkZ.exe
  • Size: 17.0MB
  • Sample: 241101-sd5jpstkhm
  • MD5: 7e7f847852a496950c77e1447db6707f
  • SHA1: d61640d53fc5bb541b21cfe47c73783a742096af
  • SHA256: 5016c0cc22b287f5d5e87f0edb0983c1fd3dc186afdb0e65348840dbad164904
  • SHA512: 9ac0fb19500dda91c3aab9637dc79066987129605885a5c3c0e89d0919bf0c486f0ad1446119f716395a2a7d37157c33b7027823f072a0e888353b3905036e2c
  • SSDEEP: 393216:k9Yibm3W8kyFDfDg6c6Wz19PHE3+d9OUFwN1so:k9YibyW8DFb0VTz1RkOd9p6Ao

Malware Config

Targets

    • Target: PAP46E1UkZ.exe
    • Size: 17.0MB
    • MD5: 7e7f847852a496950c77e1447db6707f
    • SHA1: d61640d53fc5bb541b21cfe47c73783a742096af
    • SHA256: 5016c0cc22b287f5d5e87f0edb0983c1fd3dc186afdb0e65348840dbad164904
    • SHA512: 9ac0fb19500dda91c3aab9637dc79066987129605885a5c3c0e89d0919bf0c486f0ad1446119f716395a2a7d37157c33b7027823f072a0e888353b3905036e2c
    • SSDEEP: 393216:k9Yibm3W8kyFDfDg6c6Wz19PHE3+d9OUFwN1so:k9YibyW8DFb0VTz1RkOd9p6Ao

    • Command and Scripting Interpreter: PowerShell

      Runs a powershell.exe command.

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Target: WindowsLibrary.pyc
    • Size: 29KB
    • MD5: 19fc456328db992d701fc83ab0dab8b6
    • SHA1: 32fa35f716455919dac545a5a921508cdabff962
    • SHA256: 0185fdcd6bd61de344e85dee5b589306b5987f22fdf89758518cd24a42461d49
    • SHA512: 6ca2b152a5270bc238b1cb53528faa9d7b8c78f2387598a09ca8a161108326eebaa2eaad0819dff4f7d73bb202943e0d8afafd0e311bdd2eb7b29bf3ae10a224
    • SSDEEP: 768:DWv3NxFFcIxhYdZ78/bolzcV428iFuQV5hqy12:De3HpYdZ78zoIqMuQV5S

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks