Resubmissions

10/11/2024, 07:05

241110-hwwpeavnhn 9

10/11/2024, 07:04

241110-hv96easbml 9

General

  • Target

    New folder (4).rar

  • Size

    1.1MB

  • Sample

    241110-hwwpeavnhn

  • MD5

    356f6e8762d1d5bc83d902e5d75e0533

  • SHA1

    82a22059cac559ceb65019edf0b6ff0d4bb17bcc

  • SHA256

    7a8aee0ff7f0eb5c8eda7fecdad3616e44adf6da1cd89dac50ae7e322f9d9ce3

  • SHA512

    8747c1ee01dd7fe2d0e09354c3fd24b273aca7dd4c2bd9117a515b5e626d6397913bba45c32e05d5de5a3e19bccd988256244c1a671cc55b31c3796a902c92c1

  • SSDEEP

    24576:LkxtJ6z9Gt46DvZsUuA3lVVBnM/CMp/cmRHm1E06Bbq:Lk389Gt46DBsRMlVMaMp/FH9Bbq

Malware Config

Targets

    • Target

      New folder (4).rar

    • Size

      1.1MB

    • MD5

      356f6e8762d1d5bc83d902e5d75e0533

    • SHA1

      82a22059cac559ceb65019edf0b6ff0d4bb17bcc

    • SHA256

      7a8aee0ff7f0eb5c8eda7fecdad3616e44adf6da1cd89dac50ae7e322f9d9ce3

    • SHA512

      8747c1ee01dd7fe2d0e09354c3fd24b273aca7dd4c2bd9117a515b5e626d6397913bba45c32e05d5de5a3e19bccd988256244c1a671cc55b31c3796a902c92c1

    • SSDEEP

      24576:LkxtJ6z9Gt46DvZsUuA3lVVBnM/CMp/cmRHm1E06Bbq:Lk389Gt46DBsRMlVMaMp/FH9Bbq

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      New folder (4)/free robbux/BrowsingHistoryView.exe

    • Size

      328KB

    • MD5

      d904768ad20e0a62b10b99c64931570b

    • SHA1

      64c55b7f74ed9b7214c390ed4a35b383c536b55d

    • SHA256

      96a74d742c4cc761d1807f263844ad6c152f54b248362d2a2dc832d030dc29d8

    • SHA512

      d91327b4b9f3a77d624dca7f21a0b8fd17662e79dc16045e87bbb59299fc3a8d32a68e328a32efaf7938a675addf165e6296f2afae6d0b9cf3a3cb9efc7f4d0f

    • SSDEEP

      6144:ARjPCc2a/v3TCUX0DB1XUrzD2b27xkaIepAtcmq5:lA9CKrzDmp4/

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      New folder (4)/free robbux/ChromeHistoryView.exe

    • Size

      166KB

    • MD5

      2907f996b66c0d6865c1d018c40a3e3c

    • SHA1

      0abb66d16df4f548a27c601256dcd4a13f29d6ec

    • SHA256

      7763a894a09e9ec525acce501c2fd219c87d2a3c74d02afbbc687fb6e5ade65d

    • SHA512

      72e78a6e1efc58ba434c67a0d0357c4da23643d04bb59fd69d6d7ed6339eee6a24726f8fffc0b370cb44333b09c756ebd3b1b4865cc44124efdb79f0306d7145

    • SSDEEP

      3072:w7JeQvVTseGHB4WODZdh0+CARAzaA3tSg+hxOxuwicmAUamMFir:w78isVhibzCARcaCB+r8tDmAUam

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      out.upx

    • Size

      282KB

    • MD5

      5931585f3819e1c0d2a97fbc1bda46f7

    • SHA1

      6e780ab69c9e2b276978483e856c1206af0463cb

    • SHA256

      4c821787ac41661408a19377ae54fbb181f36ffb2953c3a089ed0f68e9f801c0

    • SHA512

      007e23d76c2fd85eab52e8686c47e70324bdb17ea2b06256bf45f4d5529cde4008cb1037979f8d15ad37060f20d017dbdc9ee9c1d52f20a706bb6ca3120351ab

    • SSDEEP

      6144:vQw32C98Q97M2Om3hQBVBsJZKXI1H7WqooBwiAt:vGikKxQBVBy19G

    Score
    1/10
    • Target

      New folder (4)/free robbux/ChromePass.cfg

    • Size

      315B

    • MD5

      71775bf8ae53af053d3b70c31d3784e1

    • SHA1

      1b12d1fb8e42b7802703c316bfedefe2e7f6b311

    • SHA256

      f8bbdb15bb930ade0a5ede05a1c59a035acf9156e4ac3ed6e6f6266a4a283d64

    • SHA512

      f9402e311e58bee5c9b085118ef6b0b93527b5d865077649f5b702e67f56c46c1ad4c2f12a0a9098feee2048574bbe8a8a6b2fb7940ae31ea810bdb23ae9791f

    Score
    3/10
    • Target

      New folder (4)/free robbux/ChromePass.exe

    • Size

      214KB

    • MD5

      7b641e136f446860c48a3a870523249f

    • SHA1

      f55465c1581b8cc1a012d3b7d8504c55e8e66e1c

    • SHA256

      4cd6ed20baffc008b69642cd4687249fa0568c8bb8e29ce601ab6fef8a667382

    • SHA512

      fd6f09775539e77e83927585d8a3ef230399be5bd0798f073e925113faf219225145df230fc0d232c8c6d1f0ec28936b7ac593dcb25f72796310f117811bd09b

    • SSDEEP

      3072:MqAceXnK1+cDhMoz0tK14S23JAzZz67uM5/CR7HVmvEuXb1/ef5iJ3l3kyY7Za:M/jchMoStJqzk4R7EvEuXJ/Oi9l3kc

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      New folder (4)/free robbux/OperaPassView.exe

    • Size

      39KB

    • MD5

      8b4ae559ad7836b27ee9f8f171be8139

    • SHA1

      c60ddcfc7b3954f4d0d515b1fdaf47c6999e50a4

    • SHA256

      1130504f6095d2b09fb1ad39323ab9448798b41eb925539e2128160cec106609

    • SHA512

      df13ae1aa3b481d1a819736af6dbf5fea5c930a1fe18ea0368a0d2efbe20334626dd90b42757bf8ef080f229e502c97cd6f5173738bc4967e26a04aee61c040b

    • SSDEEP

      768:L2ivyslykfdDY/D16P71WO9xyOMEdSv2mtAl4B6FEfP0JtyEECLvxYZqw:ii6q5dE/Kj/5iUJDglqw

    Score
    9/10
    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      out.upx

    • Size

      71KB

    • MD5

      4fcc7f531f66c92e331bfa8a28e3005c

    • SHA1

      73e783080c0f2124fac2c41c6cd46e79892e7b7c

    • SHA256

      70d71fb85db2cb2c01fb1aa401c13bbafd046888878c420ee7c54976a2cc4b8c

    • SHA512

      b54bf302bb0857aac5c345ca3b5531625948c539a20c26ef7148f0ed6a4f8af631ad6f5154f0e1720681af3956dd01b31539d6030134724000d4b908d291ed51

    • SSDEEP

      1536:Ygypm9xoPkrl7EsJwBbllvQDcZBqw5Y7:Ygy0oPkr1E9blGEww5Y7

    Score
    1/10
    • Target

      New folder (4)/free robbux/PasswordFox.cfg

    • Size

      612B

    • MD5

      332593f96c49ec52be3be9076ef33325

    • SHA1

      186653be0ae1a32a4354d2421ad5eb731019f7ac

    • SHA256

      5a50adbaf2d4ab9fcbb09468a3fd58ca4be0421afd8c53988c6d59e909084541

    • SHA512

      607d3ad1a27c232189c335216d00cf51452204250481e71afea73d59fc9ba3226299aef10221a6a41fc58d95d42bf8a3569947bd6f31b2ede4bc065ec15592d5

    Score
    3/10
    • Target

      New folder (4)/free robbux/PasswordFox.exe

    • Size

      81KB

    • MD5

      1d09a1fb8cd5bbc0ce008d6df52ca7c1

    • SHA1

      64d06f4325551f05057ab9210f9d680417b75d8d

    • SHA256

      a4094e317a04a863e0cd8f66a4b8891d1d66261abe7c25aa83d534f17fcf1c40

    • SHA512

      42f8e8f2d1624c66cc81b1086e8148ff42c0759d1950602590d0064175f360117ed118f436d8d44f686c351b589d71bcc823a1a831785fae3a76b4264700a27f

    • SSDEEP

      1536:sfFduXbNkCUb9GEfwZqjLinXdYibws0zEe6RGV7rH7zgwyeg:oFdqkCUb9GbZqvinXdYibz0we6gV7rHW

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      New folder (4)/free robbux/README.md

    • Size

      467B

    • MD5

      86f9525323483f22a60bb494755b886b

    • SHA1

      4e465c3aa0b6a70781fb65c243ac777ccc33425a

    • SHA256

      24ca30cdd8391a3b8f7cd87ccd0c2ae04bc4ff1dcf369023b16ca50087777b5d

    • SHA512

      69827484de375f00dc92ef59ce482affae73159dc2cface1512cdd861808312245be58c04a743b5b3064a60a2a8cd417b8b0254806e89014f989c45c0e2d82a9

    Score
    3/10
    • Target

      New folder (4)/free robbux/RouterPassView.exe

    • Size

      71KB

    • MD5

      e8e5092e66437517f5940e1498075ccb

    • SHA1

      92518cd8f52fc30e852f3b51450f9288b2f36b70

    • SHA256

      cee7a91f25d2bed0ba442b25bc5a4c516c61d4bacb3c096dfdbda29efb99a140

    • SHA512

      af5244603718e211f851b92a71f4fa794475a76bce2c4d10fe58dc2de0f6af03adde64e2e3a25918297f51fadba10a9533fb31cfeef0361b31ae93b891abcaca

    • SSDEEP

      1536:Gw0y1nAzKcbvLx+qLxxugU3GI71x5wVtsUtvc4R3Z0qehOx:GwDNTc/04NG7hx5wVuiBR3Z0qX

    Score
    9/10
    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      out.upx

    • Size

      121KB

    • MD5

      65de058371131d1d0e7e7013e30b363c

    • SHA1

      d29b74805a5365b5d67f994e47ee1afe317120ea

    • SHA256

      d2bc5c434177fa16ad9ce47b54b1cc54380e528e3b984b8224dfd61b200c17e3

    • SHA512

      8b0d5fa114762a8951fd96332e02adaaf3ca513becc33676ef3bb995e65ba9307ecde48856e94205359d9e1082514f105e0c10d19bbb2c198aa7a2e3a2c217dd

    • SSDEEP

      3072:uWvsHSyzluVNKeKlP2uPJKYneToNZrYiBR3Z0qV7:houVNKeDhYUoTr

    Score
    1/10
    • Target

      New folder (4)/free robbux/SkypeLogView.exe

    • Size

      176KB

    • MD5

      785d31c38a4b22d5565553ff1ea237d2

    • SHA1

      3328ce00d2f9cfe8c8a7e1f160608531b1b2e3d6

    • SHA256

      8a9fa898036cba2b6a8face4857ce39dca55fb97659cb72c3c51d18b4bf8f01e

    • SHA512

      1f16091d14ed2906021a643e96b192f7893f7c5fe0b38ac3bd9ce906ee17a847f97648a1084336f8a6a31de72174e34b21fd3c64aa9c0b1822290e57b603d5b9

    • SSDEEP

      3072:5qZCncA72odyw83PYEreyqhWLwr9/Uv0qFyMMxQimJUuXdK/c7oDJwJinMgZskrw:5tQocxCzvLYaQimGwdK/c7Y4gr05

    Score
    9/10
    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      out.upx

    • Size

      294KB

    • MD5

      41aff1939a7d97ce6413f484ea840c9d

    • SHA1

      ef908d77a01b7519433eb343d407bc32edf60efb

    • SHA256

      54c4b9f5930bb24c68e20df0e0898c1c336b5fc3c233010de56732db7a9f9ed3

    • SHA512

      9d41f2bae2f69ac20d7fe7be5bd9c9c57e9e1a2138e41e65dcdb775fb43cbb52bdf98ae41933e15f4c6a12d40a1e50a67ca07f58888fb8de76502a5239227edb

    • SSDEEP

      6144:DO+bvpj3E57oB03+x78JbesZ+q3IiK0KfxWyodw:PBD0M8+SNZ+8ifCdw

    Score
    1/10
    • Target

      New folder (4)/free robbux/WebBrowserPassView.exe

    • Size

      322KB

    • MD5

      72fd6461a367042c3a0a661eda3e54ee

    • SHA1

      3173415de5974721403dee428734a1770a209343

    • SHA256

      968f4d16f90626f97ee929ec1b0ef9b78033c5cd1914de26e751091d078e2d4c

    • SHA512

      0ce286e6a1248d7597ab2b86d015855168af61124b272073dd6b14ff0f3c2f60b94fedebc73bb3cf4731f42e8d7b39915b19c56ba7ebff84835a734b8a1beb83

    • SSDEEP

      6144:YsLJowx1cVu3Ml1f28Bdc33je5NfA9NAtaKkihA:YC7xpkLDc38495Kkv

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
9/10

behavioral1

discovery, spyware, stealer
Score
9/10

behavioral2

Score
1/10

behavioral3

discovery, spyware, stealer
Score
7/10

behavioral4

discovery, spyware, stealer
Score
7/10

behavioral5

discovery, spyware, stealer, upx
Score
9/10

behavioral6

discovery, spyware, stealer, upx
Score
9/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

discovery
Score
3/10

behavioral10

Score
3/10

behavioral11

discovery, spyware, stealer
Score
7/10

behavioral12

discovery, spyware, stealer
Score
7/10

behavioral13

discovery, upx
Score
9/10

behavioral14

discovery, upx
Score
9/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

discovery
Score
3/10

behavioral18

Score
3/10

behavioral19

discovery, spyware, stealer
Score
7/10

behavioral20

discovery, spyware, stealer
Score
7/10

behavioral21

discovery
Score
3/10

behavioral22

Score
3/10

behavioral23

discovery, upx
Score
9/10

behavioral24

discovery, upx
Score
9/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

discovery, upx
Score
9/10

behavioral28

discovery, upx
Score
9/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

discovery, spyware, stealer
Score
7/10

behavioral32

discovery, spyware, stealer
Score
7/10