General

  • Target

    20241103-2303_9b00dad2b88b547ef554598a7ab9d6b6.zip

  • Size

    44.1MB

  • Sample

    241103-rj3fvswhkq

  • MD5

    e4a08aa416676ed6329a61b27356885a

  • SHA1

    bb96db3f719b9349599a97ed107a7fa896c061f2

  • SHA256

    4964a48475785cd01a1100f76392211f5fbcb51efbecc2cc078f5a07020daa8b

  • SHA512

    ebbcfe8652962d80a3565592906f7f58e201afe1b8a92e517cb74fc4c64065ed3134bcb010747c684e5d6f003fd2ecdbb50705f571f7ff9a5fabfc1211ef3049

  • SSDEEP

    786432:6R3x5NfiHynFexPGbN+t+aee5Ui/JyxFoPZ+YEgLuVy3cj6YyUavF5jBt6PYGa89:I37N6Hselp9/UFoP31uGo6cavjBaYPUF
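
Before relying on the signatures below, confirm that the copy you hold is the artefact the sandbox analysed. The script that follows is an added example written for this page, not code from the sandbox or the report: it recomputes MD5, SHA-1, SHA-256 and SHA-512 in one pass and compares them with the values listed in the General and Targets sections, and it hashes the inner Dark.exe straight out of the archive stream so the executable is never written to disk. The sample_zip() helper builds a constructed stand-in archive so the code runs offline; the real archive is what you would pass on the command line. SSDEEP is not recomputed here because it needs a third-party package.

```python
"""Check a local copy of the artefacts against the hashes in the report.

Added example, not part of the report. MD5, SHA-1, SHA-256 and SHA-512 are
computed in a single read; SSDEEP (ssdeep/ppdeep package) is not recomputed.
"""
import hashlib
import io
import zipfile

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

REPORT_HASHES = {  # values copied from the report above
    "20241103-2303_9b00dad2b88b547ef554598a7ab9d6b6.zip": {
        "md5": "e4a08aa416676ed6329a61b27356885a",
        "sha1": "bb96db3f719b9349599a97ed107a7fa896c061f2",
        "sha256": "4964a48475785cd01a1100f76392211f5fbcb51efbecc2cc078f5a07020daa8b",
        "sha512": "ebbcfe8652962d80a3565592906f7f58e201afe1b8a92e517cb74fc4c64065ed"
                  "3134bcb010747c684e5d6f003fd2ecdbb50705f571f7ff9a5fabfc1211ef3049",
    },
    "Dark.exe": {
        "md5": "e2ff17b3722c659484f776fc4d3abeeb",
        "sha1": "6c5b3f95a2ecaa554bac11850d4cef931584a326",
        "sha256": "be9351714cf6e7598f54bf5ae8c4c9dfdbd293b1b1506209bca74970295115eb",
        "sha512": "a28d906aee4c87d5079f6e0c29cea5d851f34fc78a0f838016db393de7c6f94c"
                  "19a2ad8682810cc29bdf69c871b1a430658ef0d3d7d019f5e9cbaa63db19ef8f",
    },
}


def digest_stream(fh, chunk_size=1 << 20):
    """Hash a binary stream with every algorithm in ALGORITHMS in one read."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def compare(actual, expected):
    """Per-algorithm verdict: True/False for hashes the report lists, None otherwise."""
    return {alg: (actual[alg] == expected[alg].lower()) if alg in expected else None
            for alg in ALGORITHMS}


def all_match(verdict):
    """True only if at least one hash was checked and every checked hash matched."""
    checked = [v for v in verdict.values() if v is not None]
    return bool(checked) and all(checked)


def verify_file(path, expected):
    with open(path, "rb") as fh:
        return compare(digest_stream(fh), expected)


def verify_zip_member(zip_file, member, expected):
    """Hash a member directly from the archive stream; nothing is extracted to disk."""
    with zipfile.ZipFile(zip_file) as zf, zf.open(member) as fh:
        return compare(digest_stream(fh), expected)


def sample_zip():
    """Constructed stand-in for the real archive: one member 'Dark.exe' holding b'abc'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Dark.exe", b"abc")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. the downloaded .zip; the inner member is checked too
        name = path.replace("\\", "/").rsplit("/", 1)[-1]
        verdict = verify_file(path, REPORT_HASHES.get(name, {}))
        print(name, "OK" if all_match(verdict) else "MISMATCH", verdict)
        if name.endswith(".zip"):
            inner = verify_zip_member(path, "Dark.exe", REPORT_HASHES["Dark.exe"])
            print("Dark.exe", "OK" if all_match(inner) else "MISMATCH", inner)
```

A mismatch on any one algorithm is enough to reject the copy; a verdict of all None means the report gave nothing to check against, which all_match deliberately treats as a failure rather than a pass.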

Malware Config

Targets

    • Target

      Dark.exe

    • Size

      11.4MB

    • MD5

      e2ff17b3722c659484f776fc4d3abeeb

    • SHA1

      6c5b3f95a2ecaa554bac11850d4cef931584a326

    • SHA256

      be9351714cf6e7598f54bf5ae8c4c9dfdbd293b1b1506209bca74970295115eb

    • SHA512

      a28d906aee4c87d5079f6e0c29cea5d851f34fc78a0f838016db393de7c6f94c19a2ad8682810cc29bdf69c871b1a430658ef0d3d7d019f5e9cbaa63db19ef8f

    • SSDEEP

      196608:RyRlJ6qKd309BoknoIJuSzDbLyP8j/ckxvfrjYaqbJvhpJdNIBjsQ:UR3TKdv6oI0SbLL/cafrobzVc4Q

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and autofill data.

    • Unsecured Credentials: Credentials In Files

      Adversaries may search local files for insecurely stored credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Command and Scripting Interpreter: PowerShell

      Runs commands through powershell.exe.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Drops file in System32 directory

    • Enumerates processes with tasklist
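
The behaviours listed above are the kind of telemetry an EDR or Sysmon pipeline can alert on. What follows is an added example written for this page, not code from the report or the sample: detection logic run over constructed Sysmon-like events (process creation, network connection, file read and create). Every path, host, parent process name and the encoded PowerShell command are assumptions chosen for illustration, the IP-lookup host list is a small example set rather than the service this sample used, and the ATT&CK IDs are the standard ones for the technique names the report uses (the report itself lists only names).

```python
"""Detection logic for the behaviours listed above.

Added example, not code from the report or the sample. Events are constructed
in a Sysmon-like shape; field names, paths, hosts and parent names are assumed.
"""
import base64
import binascii
import re
from dataclasses import dataclass

POWERSHELL_NAMES = {"powershell.exe", "pwsh.exe"}
INTERACTIVE_PARENTS = {"cmd.exe", "explorer.exe"}   # assumption: parents for which tasklist is routine
SYSTEM32 = "c:\\windows\\system32\\"
IP_LOOKUP_HOSTS = {                                 # assumption: a few common IP-lookup services
    "api.ipify.org", "ip-api.com", "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com", "ipinfo.io",
}
SENSITIVE_FILES = [                                 # (regex, technique, label); assumed store locations
    (r"\\User Data\\[^\\]+\\Login Data$", "T1555.003", "browser saved credentials"),
    (r"\\User Data\\[^\\]+\\(?:Network\\)?Cookies$", "T1539", "browser cookies"),
    (r"\\wallet\.dat$", "T1552.001", "Bitcoin Core wallet file"),
    (r"\\Electrum\\wallets\\", "T1552.001", "Electrum wallet file"),
]
OBFUSCATION_MARKERS = [r"-w(?:indowstyle)?\s+hidden", r"-nop\b", r"\bIEX\b",
                       r"Invoke-Expression", r"FromBase64String", r"`[a-z]"]
# -e / -ec / -en / -enc / -EncodedCommand followed by a base64 blob (a subset of the prefixes PowerShell accepts)
ENC_RE = re.compile(r"(?:^|\s)[-/](?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


@dataclass
class Finding:
    event_id: int
    technique: str
    detail: str


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline):
    """Return the UTF-16LE text behind -EncodedCommand, or None if absent or not valid base64."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, ValueError):
        return None


def analyze(events):
    findings = []
    for ev in events:
        eid, kind, image = ev["id"], ev["type"], ev.get("image", "")
        name = basename(image)
        if kind == "process":
            cmd = ev.get("cmdline", "")
            if name in POWERSHELL_NAMES:
                decoded = decode_encoded_command(cmd)
                if decoded is not None:
                    findings.append(Finding(eid, "T1059.001", f"encoded PowerShell decodes to: {decoded}"))
                    if "get-clipboard" in decoded.lower():
                        findings.append(Finding(eid, "T1115", "PowerShell reads the clipboard"))
                hits = [p for p in OBFUSCATION_MARKERS if re.search(p, cmd + "\n" + (decoded or ""), re.I)]
                if hits:
                    findings.append(Finding(eid, "T1027.010", "evasion/obfuscation markers: " + ", ".join(hits)))
            elif name == "tasklist.exe" and basename(ev.get("parent", "")) not in INTERACTIVE_PARENTS:
                findings.append(Finding(eid, "T1057", f"tasklist spawned by {basename(ev.get('parent', ''))}"))
        elif kind == "network" and ev.get("dest_host", "").lower() in IP_LOOKUP_HOSTS:
            findings.append(Finding(eid, "T1016", f"external IP lookup via {ev['dest_host']}"))
        elif kind == "file_read":
            for pattern, technique, label in SENSITIVE_FILES:
                if re.search(pattern, ev["path"], re.I):
                    findings.append(Finding(eid, technique, f"{label}: {ev['path']}"))
                    break
        elif kind == "file_create":
            if ev["path"].lower().startswith(SYSTEM32) and not image.lower().startswith("c:\\windows\\"):
                findings.append(Finding(eid, "drop-in-system32", f"{name} wrote {ev['path']}"))
    return findings


# Constructed telemetry, not from the report: the encoded command is built here so it decodes cleanly.
DECODED_COMMAND = 'Get-Clipboard | Out-File "$env:TEMP\\clip.txt"'
ENCODED_COMMAND = base64.b64encode(DECODED_COMMAND.encode("utf-16-le")).decode("ascii")
DARK = "C:\\Users\\victim\\Downloads\\Dark.exe"
SAMPLE_EVENTS = [
    {"id": 1, "type": "process", "image": DARK, "parent": "C:\\Windows\\explorer.exe", "cmdline": "Dark.exe"},
    {"id": 2, "type": "process", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "parent": DARK, "cmdline": "powershell.exe -nop -w hidden -enc " + ENCODED_COMMAND},
    {"id": 3, "type": "process", "image": "C:\\Windows\\System32\\tasklist.exe", "parent": DARK, "cmdline": "tasklist /v"},
    {"id": 4, "type": "network", "image": DARK, "dest_host": "api.ipify.org", "dest_port": 443},
    {"id": 5, "type": "file_read", "image": DARK,
     "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"id": 6, "type": "file_read", "image": DARK, "path": "C:\\Users\\victim\\AppData\\Roaming\\Bitcoin\\wallet.dat"},
    {"id": 7, "type": "file_create", "image": DARK, "path": "C:\\Windows\\System32\\upd.dll"},
    {"id": 8, "type": "process", "image": "C:\\Windows\\System32\\cmd.exe", "parent": "C:\\Windows\\explorer.exe",
     "cmdline": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"event {f.event_id}: {f.technique}: {f.detail}")
```

The -EncodedCommand decoder is the part worth keeping: the report flags command obfuscation, and the base64 blob behind the switch is UTF-16LE, so decoding it inside the rule hands the analyst the plain command rather than an opaque string. The parent allowlist for tasklist will miss a malicious interactive session and the IP-lookup list will miss any service not on it; treat both as triage hints to tune for your environment, not as verdicts.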

MITRE ATT&CK Enterprise v15
