General

  • Target

    Executor - .ggexecutor.exe

  • Size

    20.5MB

  • Sample

    241106-bdql4svlfj

  • MD5

    6c70c518d4b59cbd04fe8ea34ef0a59f

  • SHA1

    ba90ac18c5388f3cc887fbd783718953652da8ad

  • SHA256

    c1ef62f58f140f78398e602a9df4351f8accf7a71709e5f53a6d5865605967fb

  • SHA512

    7223cd939fd5f2b38046318f45d5b4993d8dbda9c1d074a255b0531c14b55c8bb37f990fb2314a5228a65836a001c396c5f07583944da64c5c94ac43906f5762

  • SSDEEP

    393216:q9YiVVlj87dtwVoyo63hucVk3me5cGfdmnYM9/lNsondhLTW:q9YiVVl8ZwoQ3hrVaP5FEY8lTD

Malware Config

Targets

    • Target

      Executor - .ggexecutor.exe

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks