General
-
Target
Prankscript.exe
-
Size
69.0MB
-
Sample
241110-e1n9casnhq
-
MD5
2e5ec8b0a8af16b1d042367a86981938
-
SHA1
ecbacf37eefdf1154aef164b81b4242c96f13777
-
SHA256
bb74eeb349b280b04f90e7437f77eb53cfe209d7e4093c3ad093fc0be9817b3b
-
SHA512
fdacab5917ec8d3796f7382ca19fb932eb4f40ea07614229a7bfc57cfeacbb24c930b2857a59ccfb0a790e74cf465b009cefaf06fb17f9a250380871dc3f679f
-
SSDEEP
196608:bWfQecp8urErvI9pWjgN3ZdahF0pbH1AYfTRtQPCsZp/AA81s:Pp8urEUWjqeWxRR6zppas
Behavioral task
behavioral1
Sample
Prankscript.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
Prankscript.exe
-
Size
69.0MB
-
MD5
2e5ec8b0a8af16b1d042367a86981938
-
SHA1
ecbacf37eefdf1154aef164b81b4242c96f13777
-
SHA256
bb74eeb349b280b04f90e7437f77eb53cfe209d7e4093c3ad093fc0be9817b3b
-
SHA512
fdacab5917ec8d3796f7382ca19fb932eb4f40ea07614229a7bfc57cfeacbb24c930b2857a59ccfb0a790e74cf465b009cefaf06fb17f9a250380871dc3f679f
-
SSDEEP
196608:bWfQecp8urErvI9pWjgN3ZdahF0pbH1AYfTRtQPCsZp/AA81s:Pp8urEUWjqeWxRR6zppas
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3