General
Target: loader.exe
Size: 15.9MB
Sample: 241108-aq2dpszqbs
MD5: 4912f9dbb0c2ca0a2e8a79c60233123c
SHA1: 7ebd10107c3fceb450ba835d8cb636d1ba23a25f
SHA256: 378c4e6db3ebda0bda532c60eda3bacfcfe1953fc8510b37ac598d38310c9f3e
SHA512: 424617c9ec59737ff34e710c97f4eeab21488d8410f94db6738b780a48ea425624dbf893fef765d6e7c23b1f9735f2519382ad2502402879f4fcb8bbf0554980
SSDEEP: 393216:r2LYKd1QLd9tByxjhIHqiK1piXLGVEcePKxXmsg7wYPZVo:D4urtAjFDiXHNPKY9Vo
Behavioral task: behavioral1
Sample: loader.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: loader.exe
Resource: win10v2004-20241007-en
Malware Config

Targets
Target: loader.exe
Size: 15.9MB
MD5: 4912f9dbb0c2ca0a2e8a79c60233123c
SHA1: 7ebd10107c3fceb450ba835d8cb636d1ba23a25f
SHA256: 378c4e6db3ebda0bda532c60eda3bacfcfe1953fc8510b37ac598d38310c9f3e
SHA512: 424617c9ec59737ff34e710c97f4eeab21488d8410f94db6738b780a48ea425624dbf893fef765d6e7c23b1f9735f2519382ad2502402879f4fcb8bbf0554980
SSDEEP: 393216:r2LYKd1QLd9tByxjhIHqiK1piXLGVEcePKxXmsg7wYPZVo:D4urtAjFDiXHNPKY9Vo
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)