General

  • Target

    free hecks.exe

  • Size

    20.2MB

  • Sample

    241103-zw52hstmby

  • MD5

    53b134826d5c036f87e2acc22b10b159

  • SHA1

    50c698af25e92c46d78e04519454389fca9795fb

  • SHA256

    0e414694d08123f2f0639603ff0f3c8105554653d393a20d42b295cc74882244

  • SHA512

    bbfc7ee8e65fe2209b0f4186c5eb1309940b804694e746f96bcfa050bc41654e14b727923d934b459676d2cfe4747b3f2c9ab4ec3cef005f4ccbbf1a7e154c3b

  • SSDEEP

    393216:q2L7Y1RtByxjXBYFzLNHyZOOOOOOOOOOOOOn3F7nSGt7G/8MQc/jTiNV2ZgZdZnL:UtAj2PyUln+PQajEV2Z23F
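A copy of the sample obtained elsewhere should be matched against the digests above before any analysis starts. The following is an added example, not part of the report: it streams the file through all four hash functions in one pass (the sample is 20 MB, so it is not read into memory whole) and reports, per algorithm, whether the on-disk file matches. Only the digests are taken from the report; the function names are the example's own.

```python
import hashlib

# Digests copied from the report above (lowercase hex).
REPORT_HASHES = {
    "md5": "53b134826d5c036f87e2acc22b10b159",
    "sha1": "50c698af25e92c46d78e04519454389fca9795fb",
    "sha256": "0e414694d08123f2f0639603ff0f3c8105554653d393a20d42b295cc74882244",
    "sha512": "bbfc7ee8e65fe2209b0f4186c5eb1309940b804694e746f96bcfa050bc41654e14b727923d934b459676d2cfe4747b3f2c9ab4ec3cef005f4ccbbf1a7e154c3b",
}


def digest_chunks(chunks, algorithms):
    """Feed an iterable of byte chunks through several hashers in one pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, algorithms, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a large sample is never fully resident."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_chunks(chunks(), algorithms)


def compare(actual, expected):
    """Return {algorithm: matched} for every digest listed in `expected`."""
    return {name: actual.get(name) == value.lower() for name, value in expected.items()}


def verify_bytes(data, expected=REPORT_HASHES):
    """Same check for an in-memory buffer (used for the self-test below)."""
    return compare(digest_chunks([data], expected.keys()), expected)


def verify_file(path, expected=REPORT_HASHES):
    return compare(digest_file(path, expected.keys()), expected)


def is_reported_sample(path, expected=REPORT_HASHES):
    """True only when every digest in the report matches the file on disk."""
    return all(verify_file(path, expected).values())
```

Hashes are compared per algorithm rather than as a single boolean so that a file matching MD5 but not SHA-256 (a collision or a transcription error) is visible rather than silently reported as a mismatch.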

Targets

    • Target

      free hecks.exe

    • Command and Scripting Interpreter: PowerShell

      The sample executes commands through powershell.exe (ATT&CK T1059.001).

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, including saved credentials, cookies, and autofill entries.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Contacts a legitimate IP-lookup web service to learn the infected host's public IP address.

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer.
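The behavioural signatures in the list above are the sandbox's verdicts. The following added example (not from the report or its vendor) shows how the same behaviours can be flagged from endpoint telemetry: it replays a short, constructed sequence of EDR-style events, attributes them to the sample's process tree, and emits one finding per matched signature. The event schema, the IP-lookup host list, the browser profile filenames, the startup-path markers and the dropped DLL name are assumptions made for the example; the report does not say which service, path or DLL the sample actually used.

```python
import ntpath

SAMPLE_IMAGE = "free hecks.exe"

# Assumed watch-lists for the example; the report names no specific service, path or key.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "ip-api.com", "icanhazip.com", "checkip.amazonaws.com"}
BROWSER_DATA_FILES = {"login data", "cookies", "web data", "history", "logins.json", "key4.db", "cookies.sqlite"}
STARTUP_PATH_MARKERS = ("\\start menu\\programs\\startup\\", "\\currentversion\\run")

# Constructed EDR-style events (not real telemetry from this sample). pid 5000 is an
# unrelated process that performs the same DNS lookup and must not be attributed.
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 4100, "parent_pid": 900,
     "image": r"C:\Users\victim\Downloads\free hecks.exe", "command_line": '"free hecks.exe"'},
    {"event": "file_create", "pid": 4100, "target": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"event": "image_load", "pid": 4100, "image_loaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"event": "process_create", "pid": 4188, "parent_pid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile -Command Get-Date"},
    {"event": "file_create", "pid": 4100,
     "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"},
    {"event": "file_access", "pid": 4100,
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"event": "dns_query", "pid": 4100, "query": "api.ipify.org"},
    {"event": "process_create", "pid": 5000, "parent_pid": 900,
     "image": r"C:\Windows\explorer.exe", "command_line": "explorer.exe"},
    {"event": "dns_query", "pid": 5000, "query": "api.ipify.org"},
]


def basename_lower(path):
    return ntpath.basename(path).lower()


def evaluate(events, sample=SAMPLE_IMAGE):
    """Replay events in order; return (signature, attack_id, detail) findings for
    the sample's own process tree only. attack_id is None where no single
    technique fits cleanly."""
    sample = sample.lower()
    tree = set()      # pids that belong to the sample's process tree
    dropped = set()   # files written by the tree, for the dropped-DLL correlation
    findings = []
    for e in events:
        kind, pid = e["event"], e["pid"]
        if kind == "process_create":
            if basename_lower(e["image"]) == sample or e["parent_pid"] in tree:
                tree.add(pid)
                if basename_lower(e["image"]) == "powershell.exe":
                    findings.append(("Command and Scripting Interpreter: PowerShell",
                                     "T1059.001", e["command_line"]))
            continue
        if pid not in tree:
            continue
        if kind == "file_create":
            target = e["target"]
            dropped.add(target.lower())
            if any(m in target.lower() for m in STARTUP_PATH_MARKERS):
                findings.append(("Drops startup file", "T1547.001", target))
        elif kind == "image_load":
            loaded = e["image_loaded"].lower()
            if loaded.endswith(".dll") and loaded in dropped:
                findings.append(("Loads dropped DLL", None, e["image_loaded"]))
        elif kind == "file_access":
            if basename_lower(e["target"]) in BROWSER_DATA_FILES:
                findings.append(("Reads user/profile data of web browsers", "T1555.003", e["target"]))
        elif kind == "dns_query":
            if e["query"].lower() in IP_LOOKUP_HOSTS:
                findings.append(("Looks up external IP address via web service", "T1016", e["query"]))
    return findings


def matched_signatures(events, sample=SAMPLE_IMAGE):
    return sorted({sig for sig, _, _ in evaluate(events, sample)})
```

Attribution through the process tree is the part that matters operationally: a DNS query to an IP-lookup service is unremarkable on its own, and the same is true of a PowerShell launch, so each finding is tied to a pid descended from the sample rather than matched host-wide.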
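The UPX signature above is a sandbox detection; the same evidence can be checked statically. The following added example (not part of the report) parses the PE section table directly and reports the classic UPX indicators: UPX0/UPX1 section names, the UPX! packer header string, a first section with a large virtual size but no raw data, and high-entropy compressed sections. The 7.2 bits/byte threshold and the build_test_pe helper (which produces a header-only layout for testing, not a runnable binary) are assumptions of the example. A modified UPX build that renames its sections trips only the layout and entropy checks, which is why the section names alone are not relied on.

```python
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3", b".UPX0", b".UPX1"}
# Assumption for the example: plain code/data rarely exceeds ~7.2 bits/byte;
# compressed or encrypted sections sit close to 8.0.
HIGH_ENTROPY_THRESHOLD = 7.2


def shannon_entropy(data):
    """Bits of entropy per byte, 0.0 for an empty buffer."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_sections(image):
    """Return [(name, VirtualSize, SizeOfRawData, PointerToRawData)] from a PE
    image held in memory; raise ValueError if the buffer is not a PE file."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER (20 bytes)
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size              # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", image, off + 8)
        sections.append((name, vsize, rsize, rptr))
    return sections


def upx_indicators(image):
    """List the static UPX indicators present in the image (empty list = none)."""
    indicators = []
    sections = parse_pe_sections(image)
    hits = sorted(n.decode("latin-1") for n in {s[0] for s in sections} & UPX_SECTION_NAMES)
    if hits:
        indicators.append("upx_section_names:" + ",".join(hits))
    if b"UPX!" in image:
        indicators.append("upx_magic")
    for name, vsize, rsize, rptr in sections:
        label = name.decode("latin-1")
        if rsize == 0 and vsize > 0:
            # UPX0 layout: space reserved for the unpacked image, nothing on disk.
            indicators.append(f"empty_raw_section:{label}")
        elif rsize:
            ent = shannon_entropy(image[rptr:rptr + rsize])
            if ent >= HIGH_ENTROPY_THRESHOLD:
                indicators.append(f"high_entropy_section:{label}:{ent:.2f}")
    return indicators


def build_test_pe(sections):
    """Constructed test data: a minimal MZ/PE header with the given
    [(name, raw_bytes)] sections. Empty raw_bytes yields a 0x1000-byte
    virtual-only section, mimicking an UPX0 placeholder. Not executable."""
    e_lfanew, opt_size = 0x40, 0
    table = e_lfanew + 4 + 20 + opt_size
    raw_start = table + 40 * len(sections)
    headers = bytearray(raw_start)
    headers[:2] = b"MZ"
    struct.pack_into("<I", headers, 0x3C, e_lfanew)
    headers[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", headers, e_lfanew + 4, 0x14C, len(sections))   # Machine, NumberOfSections
    struct.pack_into("<H", headers, e_lfanew + 4 + 16, opt_size)          # SizeOfOptionalHeader
    body = bytearray()
    for i, (name, data) in enumerate(sections):
        off = table + 40 * i
        headers[off:off + 8] = name.ljust(8, b"\0")
        vsize = len(data) if data else 0x1000
        rptr = raw_start + len(body) if data else 0
        struct.pack_into("<IIII", headers, off + 8, vsize, 0x1000 * (i + 1), len(data), rptr)
        body += data
    return bytes(headers) + bytes(body)
```

Run upx_indicators on the bytes of the real sample to confirm the sandbox's verdict; an empty list on a file the sandbox called UPX-packed points at a heavily modified packer stub and is worth a closer look rather than a dismissal.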

MITRE ATT&CK Enterprise v15