General
-
Target
Spf.zip
-
Size
20.2MB
-
Sample
241102-saqw5sxcnd
-
MD5
653d4f45cd6e2f22d8061abcb3e4f2b2
-
SHA1
adc9bd9ce938c334b10c11b5cbe8f581295b29cb
-
SHA256
3b9f7b7dc3c08364bf50b309610d919e4ffbf48c28a99749fa2463ef68437c66
-
SHA512
c4c5fb85b6098403e40e3c1b6e710ec3a60d6874d71cf95cbad97c9e31db03e5d9d2109b3a3a4c80784bb4ececdcb6e94e877c03517dcc34f42abe784ad5252e
-
SSDEEP
393216:zP8iKeu0N+Fg4no0HyONwMEm3+KevRAwoC70mQgf6ewrZsEn8ey6xGSx:IiY0YxE6w23+Kt57PebEx
Static task
static1
Behavioral task
behavioral1
Sample
LKV1.5.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
LKV1.5.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
plugin/plugin.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
plugin/plugin.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
plugin/sdp.exe
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
plugin/sdp.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
LKV1.5.exe
-
Size
5.8MB
-
MD5
5199a1f8f1960efaaff58651f2596d8e
-
SHA1
346a2616606a7227db838db0869e16edf334864b
-
SHA256
703d0b9160ba1f4b5ffd1fd7a73c1c2aeaa90198ed66b967b8352b37cbe876a0
-
SHA512
a777c2312b576366c9ae342bdb0204ea5bc0947a0e9d64eed93f158c962c68fc7ddd6da823e6399e79ae958c02e637ca045b906beec9eea77f2b09adc2f47b8f
-
SSDEEP
98304:qx4R9dM/FjxlUKKko2DYuDibBs+vW/BMYZHwXdQqpJID6Tgipfsc2Lqljdd0sbvO:+l/3mKEu2bBsXBMYZHMbIKgipfscRljs
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
-
-
Target
plugin/plugin.exe
-
Size
8.5MB
-
MD5
f8ad11d7dd55179a16f8432d8065c7c7
-
SHA1
75866cdc9fd9c3b9cb5ee679875ec3557132080c
-
SHA256
a5b556d66b9973affb4f3b0bce00650e96eab80330cf6db43fdabd54080ff3ab
-
SHA512
5f16b30aff85f2f8c6d7db477dbfd00044685804842e569bab2866b55a947889dc7fb583d2158e3c867f7cd18263a97f860f86dd7848f6e9a35503598472b6e4
-
SSDEEP
196608:pkaiyat1U5PB5lkrVBwX+9BLsSbHFqwb1ERgld7fL+N5:pkPyae1krzwX+91s+XEyc5
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
-
-
Target
plugin/sdp.exe
-
Size
6.2MB
-
MD5
b51abb96b619dd8aba5002aa4f871707
-
SHA1
d9416cdc4be762d184775ddb660cbe1484f357fa
-
SHA256
536322560f701bf09fe9ff223128e52c5d00f940c14f075b5a8ad0c10a8c1122
-
SHA512
d2e752eba414afe6f39c1d46d5d3b75b38438c7334c2b9c28a7bbd9cec9021a082f690bd982c9b876f0b8cd1baa2b7f89010de8e96196bef5176c9aae627630f
-
SSDEEP
196608:CGjpC5GZP6RzTY5fNh+FOnc3hwXUlWPxc/O:CYC+6axnGT3MoSxcm
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3