Resubmissions

08/11/2024, 22:32

241108-2gdptszrc1 7

General

  • Target

    patchnewworking12.exe

  • Size

    69.0MB

  • Sample

    241108-2gdptszrc1

  • MD5

    8f8c1589ecc8abdafaf464e2a841db92

  • SHA1

    ba82bf07804227b26813ac9a7324685d909d15c8

  • SHA256

    6b6d80db6681156d8062094052e39fa6c789f149dab5994de376201a80525f01

  • SHA512

    9d3969cf5b4c038920b8e8f4c7d217bf2a49d0dd7864c735b64dba395177bf096127b6b71582615e1438b4033f7448b8f65fffcf06158c32477034c15b7fac2a

  • SSDEEP

    1572864:C+dQcWmE3hr+LX5WJoWbgWRSgkNOXWxtQSNDC3yxprMuzIy6R+R:C+d9DYr4X5M3gbcKCz3qMuzwR+

Malware Config

Targets

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks