General
-
Target
build.exe
-
Size
20.7MB
-
Sample
241110-3sy1ks1kbn
-
MD5
92b08e455cd066328e3b7b6cf36204cd
-
SHA1
871da677654e98f81dd047b5db01cde540838bdd
-
SHA256
9eb4576524cb313ed7ac3f3483f1ab3ed9b47feec59024da1c9b6962940324e6
-
SHA512
d4870a4017eecc2d3e47e7586b5236d292791eb46267fe01ca47625eec2efcd10937c4c0b0055b7dd290d6bdaf39ecf492b6d29da976bd556e7aae9acb333f38
-
SSDEEP
393216:MqPnLFXlrfh2Jp5qC3njkVQ8DOETgsvfGiKgcVWoWvE4GfL0Rm:9PLFXNfh50sQhE0Lsovt
Malware Config
Targets
-
-
Target
build.exe
-
Size
20.7MB
-
MD5
92b08e455cd066328e3b7b6cf36204cd
-
SHA1
871da677654e98f81dd047b5db01cde540838bdd
-
SHA256
9eb4576524cb313ed7ac3f3483f1ab3ed9b47feec59024da1c9b6962940324e6
-
SHA512
d4870a4017eecc2d3e47e7586b5236d292791eb46267fe01ca47625eec2efcd10937c4c0b0055b7dd290d6bdaf39ecf492b6d29da976bd556e7aae9acb333f38
-
SSDEEP
393216:MqPnLFXlrfh2Jp5qC3njkVQ8DOETgsvfGiKgcVWoWvE4GfL0Rm:9PLFXNfh50sQhE0Lsovt
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
main.pyc
-
Size
7KB
-
MD5
2471f2d8744178b9a4daa207f054ffb6
-
SHA1
72e3feb2a82380af685b3871b718b337432dd7e1
-
SHA256
09027f09a20f42a186ef87afad59260e3f32aa4c64c3eaea86b6e09a73ea0a9a
-
SHA512
509cf8c538e4fd2216234c057dbefb374d8d4740ba943351319caa5f804457b72627cd7a0345a4cfd49fdeb1403444606e235671847c8b86a25b84c0b664d02c
-
SSDEEP
192:wqWJUR67D8whh7WdXwHihgJhwrG0sMdwlNSUnw:8JUR4P7Wu32rGhPrJw
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1