General

  • Target

    Newfolder4.rar

  • Size

    1.1MB

  • Sample

    241110-cvj2bsxdqk

  • MD5

    356f6e8762d1d5bc83d902e5d75e0533

  • SHA1

    82a22059cac559ceb65019edf0b6ff0d4bb17bcc

  • SHA256

    7a8aee0ff7f0eb5c8eda7fecdad3616e44adf6da1cd89dac50ae7e322f9d9ce3

  • SHA512

    8747c1ee01dd7fe2d0e09354c3fd24b273aca7dd4c2bd9117a515b5e626d6397913bba45c32e05d5de5a3e19bccd988256244c1a671cc55b31c3796a902c92c1

  • SSDEEP

    24576:LkxtJ6z9Gt46DvZsUuA3lVVBnM/CMp/cmRHm1E06Bbq:Lk389Gt46DBsRMlVMaMp/FH9Bbq

Malware Config

Targets

    • Target

      New folder (4)/free robbux/BrowsingHistoryView.exe

    • Size

      328KB

    • MD5

      d904768ad20e0a62b10b99c64931570b

    • SHA1

      64c55b7f74ed9b7214c390ed4a35b383c536b55d

    • SHA256

      96a74d742c4cc761d1807f263844ad6c152f54b248362d2a2dc832d030dc29d8

    • SHA512

      d91327b4b9f3a77d624dca7f21a0b8fd17662e79dc16045e87bbb59299fc3a8d32a68e328a32efaf7938a675addf165e6296f2afae6d0b9cf3a3cb9efc7f4d0f

    • SSDEEP

      6144:ARjPCc2a/v3TCUX0DB1XUrzD2b27xkaIepAtcmq5:lA9CKrzDmp4/

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      New folder (4)/free robbux/ChromeHistoryView.exe

    • Size

      166KB

    • MD5

      2907f996b66c0d6865c1d018c40a3e3c

    • SHA1

      0abb66d16df4f548a27c601256dcd4a13f29d6ec

    • SHA256

      7763a894a09e9ec525acce501c2fd219c87d2a3c74d02afbbc687fb6e5ade65d

    • SHA512

      72e78a6e1efc58ba434c67a0d0357c4da23643d04bb59fd69d6d7ed6339eee6a24726f8fffc0b370cb44333b09c756ebd3b1b4865cc44124efdb79f0306d7145

    • SSDEEP

      3072:w7JeQvVTseGHB4WODZdh0+CARAzaA3tSg+hxOxuwicmAUamMFir:w78isVhibzCARcaCB+r8tDmAUam

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      New folder (4)/free robbux/ChromePass.exe

    • Size

      214KB

    • MD5

      7b641e136f446860c48a3a870523249f

    • SHA1

      f55465c1581b8cc1a012d3b7d8504c55e8e66e1c

    • SHA256

      4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382

    • SHA512

      fd6f09775539e77e83927585d8a3ef230399be5bd0798f073e925113faf219225145df230fc0d232c8c6d1f0ec28936b7ac593dcb25f72796310f117811bd09b

    • SSDEEP

      3072:MqAceXnK1+cDhMoz0tK14S23JAzZz67uM5/CR7HVmvEuXb1/ef5iJ3l3kyY7Za:M/jchMoStJqzk4R7EvEuXJ/Oi9l3kc

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      New folder (4)/free robbux/OperaPassView.exe

    • Size

      39KB

    • MD5

      8b4ae559ad7836b27ee9f8f171be8139

    • SHA1

      c60ddcfc7b3954f4d0d515b1fdaf47c6999e50a4

    • SHA256

      1130504f6095d2b09fb1ad39323ab9448798b41eb925539e2128160cec106609

    • SHA512

      df13ae1aa3b481d1a819736af6dbf5fea5c930a1fe18ea0368a0d2efbe20334626dd90b42757bf8ef080f229e502c97cd6f5173738bc4967e26a04aee61c040b

    • SSDEEP

      768:L2ivyslykfdDY/D16P71WO9xyOMEdSv2mtAl4B6FEfP0JtyEECLvxYZqw:ii6q5dE/Kj/5iUJDglqw

    • Score

      9/10

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      New folder (4)/free robbux/PasswordFox.exe

    • Size

      81KB

    • MD5

      1d09a1fb8cd5bbc0ce008d6df52ca7c1

    • SHA1

      64d06f4325551f05057ab9210f9d680417b75d8d

    • SHA256

      a4094e317a04a863e0cd8f66a4b8891d1d66261abe7c25aa83d534f17fcf1c40

    • SHA512

      42f8e8f2d1624c66cc81b1086e8148ff42c0759d1950602590d0064175f360117ed118f436d8d44f686c351b589d71bcc823a1a831785fae3a76b4264700a27f

    • SSDEEP

      1536:sfFduXbNkCUb9GEfwZqjLinXdYibws0zEe6RGV7rH7zgwyeg:oFdqkCUb9GbZqvinXdYibz0we6gV7rHW

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      New folder (4)/free robbux/RouterPassView.exe

    • Size

      71KB

    • MD5

      e8e5092e66437517f5940e1498075ccb

    • SHA1

      92518cd8f52fc30e852f3b51450f9288b2f36b70

    • SHA256

      cee7a91f25d2bed0ba442b25bc5a4c516c61d4bacb3c096dfdbda29efb99a140

    • SHA512

      af5244603718e211f851b92a71f4fa794475a76bce2c4d10fe58dc2de0f6af03adde64e2e3a25918297f51fadba10a9533fb31cfeef0361b31ae93b891abcaca

    • SSDEEP

      1536:Gw0y1nAzKcbvLx+qLxxugU3GI71x5wVtsUtvc4R3Z0qehOx:GwDNTc/04NG7hx5wVuiBR3Z0qX

    • Score

      9/10

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      New folder (4)/free robbux/SkypeLogView.exe

    • Size

      176KB

    • MD5

      785d31c38a4b22d5565553ff1ea237d2

    • SHA1

      3328ce00d2f9cfe8c8a7e1f160608531b1b2e3d6

    • SHA256

      8a9fa898036cba2b6a8face4857ce39dca55fb97659cb72c3c51d18b4bf8f01e

    • SHA512

      1f16091d14ed2906021a643e96b192f7893f7c5fe0b38ac3bd9ce906ee17a847f97648a1084336f8a6a31de72174e34b21fd3c64aa9c0b1822290e57b603d5b9

    • SSDEEP

      3072:5qZCncA72odyw83PYEreyqhWLwr9/Uv0qFyMMxQimJUuXdK/c7oDJwJinMgZskrw:5tQocxCzvLYaQimGwdK/c7Y4gr05

    • Score

      9/10

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      New folder (4)/free robbux/WebBrowserPassView.exe

    • Size

      322KB

    • MD5

      72fd6461a367042c3a0a661eda3e54ee

    • SHA1

      3173415de5974721403dee428734a1770a209343

    • SHA256

      968f4d16f90626f97ee929ec1b0ef9b78033c5cd1914de26e751091d078e2d4c

    • SHA512

      0ce286e6a1248d7597ab2b86d015855168af61124b272073dd6b14ff0f3c2f60b94fedebc73bb3cf4731f42e8d7b39915b19c56ba7ebff84835a734b8a1beb83

    • SSDEEP

      6144:YsLJowx1cVu3Ml1f28Bdc33je5NfA9NAtaKkihA:YC7xpkLDc38495Kkv

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      New folder (4)/free robbux/iepv.exe

    • Size

      43KB

    • MD5

      c861fe184e271d6e2ba958da306ba748

    • SHA1

      b039e4d8e70261dfdf8ee521dcbc3e04348423a5

    • SHA256

      f8a112b0d1ce4142e4d69cadfc2748c27026b491532fba18d9160f7eb48b4886

    • SHA512

      ea127eaa149b5ff1b1f1de3891563b2e064e043f03e48ca298d3539e1f572297abd4efd951021372ba0090b8c30c06e7d144bec6d9828a5cc08a644155a8f3ce

    • SSDEEP

      768:TI/86WM0Rk9UXwYlX154ozTouldUZlhPOH6lvXsV:uKkKgYlXck075POaVXsV

    • Score

      9/10

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      New folder (4)/free robbux/mailpv.exe

    • Size

      96KB

    • MD5

      db19075b6a18a679cc10f4a6a8be7b3d

    • SHA1

      3da06ff6009b3d68a8a5f5f40c3a5a01777ae356

    • SHA256

      ed911e9f4a61d62b2f97922a8bc277890f4b1ff95ec1394dc6a1fdab7dcae2af

    • SHA512

      6d7c7842cee99949d176f5846d33e64e7c5ca7de9e4670c48dab49ef5ed810c0e10ae9c80dcd535168989d39e8e53271e03edebcb2f4d53ca5b6042fa4694041

    • SSDEEP

      1536:KHMWvbUW1YC9Xn+jOs9aUjsxhe2k11emO1bK2Rgmc/79X0dZbn9w2K0f:uMWvbH1Yy+C49jYJcerbG7/g9w2K0f

    • Score

      6/10

    • Target

      New folder (4)/free robbux/mspass.exe

    • Size

      65KB

    • MD5

      ffc52f2b4435fcddaca6e15489a88b75

    • SHA1

      63ec31a04cf176852344d544ae855da0dac64980

    • SHA256

      3f3c8484962b395f304a836ee5e8ee17beaafe982795c9747d8ee98cc6e4ca8f

    • SHA512

      389694feccfe6ca352705b9481913fece6d1d47083f235ccdd60c05cfda82606be53845fde0dba8ec3f3748f820a828c9be0ce078c8b9cc853285b23f172841c

    • SSDEEP

      1536:hBcOUiUlO1/DXn4cHJ4dPaCnpWqOaeziqf7mvvXWVcZ0:hBcu/hDXn/JgaMEjaOsXV6

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      New folder (4)/free robbux/pspv.exe

    • Size

      51KB

    • MD5

      35861f4ea9a8ecb6c357bdb91b7df804

    • SHA1

      836cb49c8d08d5e305ab8976f653b97f1edba245

    • SHA256

      64788b6f74875aed53ca80669b06f407e132d7be49586925dbb3dcde56cbca9c

    • SHA512

      0fdfe62c86c8601bb98991149eea51ddf91b812ad2c2d45e53aaf1f36a09d00aaf02fc3d183179cf5367fda09d6f62d36c0187da2dfa5e08df4c07cf634690be

    • SSDEEP

      768:JWNjuQOjoBiZFmOlhAIqAs8Q65bQPC1/u8fxmZTxeA9r7Vw:JWNaQOjgiZFmOlpCrq1/ubZTxT9r7V

    • Score

      3/10

    • Target

      New folder (4)/free robbux/robuxboi.bat

    • Size

      7KB

    • MD5

      65dcdf6be470f4b69915c4cbf7c10877

    • SHA1

      e480cf30454a0f5c09ac73cdf72192a1abf26713

    • SHA256

      6cfb933d54ecd331128570b9ed31c25a7520dcd70fc8cbac041f78c90abaa509

    • SHA512

      3f8e19f84bf4789c91937c902c799ae59c29b8087176f6d02d22bde2b0336fed58377b82df4c72f532ce99714ee1d885b325a01fbec267bdf981d6d58038b567

    • SSDEEP

      96:dy1jI+hFjju23zX0FoyFaIU7yeevW5My0FEvVkv2vt98JQyFjKq1eGWWg:dKLjaQzX0aaaIK70FKVPP7ysCzrg

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • Accesses Microsoft Outlook accounts

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
9/10

behavioral1

discovery spyware stealer
Score
7/10

behavioral2

discovery spyware stealer
Score
7/10

behavioral3

discovery spyware stealer upx
Score
9/10

behavioral4

discovery spyware stealer upx
Score
9/10

behavioral5

discovery spyware stealer
Score
7/10

behavioral6

discovery spyware stealer
Score
7/10

behavioral7

discovery upx
Score
9/10

behavioral8

discovery upx
Score
9/10

behavioral9

discovery spyware stealer
Score
7/10

behavioral10

discovery spyware stealer
Score
7/10

behavioral11

discovery upx
Score
9/10

behavioral12

discovery upx
Score
9/10

behavioral13

discovery upx
Score
9/10

behavioral14

discovery upx
Score
9/10

behavioral15

discovery spyware stealer
Score
7/10

behavioral16

discovery spyware stealer
Score
7/10

behavioral17

discovery upx
Score
9/10

behavioral18

discovery upx
Score
9/10

behavioral19

collection discovery
Score
6/10

behavioral20

collection discovery
Score
6/10

behavioral21

discovery spyware stealer upx
Score
9/10

behavioral22

discovery spyware stealer upx
Score
9/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

collection discovery upx
Score
9/10

behavioral26

collection discovery upx
Score
9/10