General

  • Target

    9b80b202f352b73e3358496d543507ebd31155cb56378c40332a79eccfac1a8b

  • Size

    6.0MB

  • Sample

    241110-a9n8gsvnhz

  • MD5

    8ce2acd49dc839b8c8c3d57bb8e8e59a

  • SHA1

    32c3619515539f1a9dfd156f4273c87009e116e1

  • SHA256

    9b80b202f352b73e3358496d543507ebd31155cb56378c40332a79eccfac1a8b

  • SHA512

    927830459e67c658c7700d29f9b638bc201d6132778012261a223abe279ff555550bb433cc63cb7c8478c9c8b3cfb649964f6725f41b29332cfe4609cdc49da7

  • SSDEEP

    98304:bSEtdFBgwnamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R1PMtmJ3OkMWCT/:b5FseN/FJMIDJf0gsAGK4R1ktXWCT/

Malware Config

Targets

    • Target

      9b80b202f352b73e3358496d543507ebd31155cb56378c40332a79eccfac1a8b

    • Size

      6.0MB

    • MD5

      8ce2acd49dc839b8c8c3d57bb8e8e59a

    • SHA1

      32c3619515539f1a9dfd156f4273c87009e116e1

    • SHA256

      9b80b202f352b73e3358496d543507ebd31155cb56378c40332a79eccfac1a8b

    • SHA512

      927830459e67c658c7700d29f9b638bc201d6132778012261a223abe279ff555550bb433cc63cb7c8478c9c8b3cfb649964f6725f41b29332cfe4609cdc49da7

    • SSDEEP

      98304:bSEtdFBgwnamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R1PMtmJ3OkMWCT/:b5FseN/FJMIDJf0gsAGK4R1ktXWCT/

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks