General

  • Target: stub.exe
  • Size: 7.1MB
  • Sample: 241111-1wdsps1kfp
  • MD5: 19683336189f2a33c6c63ad6624bcfe4
  • SHA1: fb9353d0c87ea1e6bc6f4ebf5d7ccabb883a0d43
  • SHA256: 36c3dbc12e75ffb7c636034e1b63caffc755e60598b6335c3121b8802210eb9c
  • SHA512: 7d6e48b3dd7de5e4034965259315bb8117b975fa9a42f302f0cd0c948bde322ea2caf30d17d82e9765f6516dfb112ad1df7d09b0bc90b4c0b26dcadf67bb6cb1
  • SSDEEP: 98304:ELohN568TmncqmbxaQBNBU5BtgMwzu+Zkh/tLiclDXc3/ZpS+3Go7x0bU0yFcKtM:Esh+sxbAQveXtwq+ZkiKDISc7x0vyW/

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell
      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
    • Clipboard Data
      Adversaries may collect data stored in the clipboard from users copying information within or between applications.
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Unsecured Credentials: Credentials In Files
      Steals credentials from unsecured files.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Obfuscated Files or Information: Command Obfuscation
      Adversaries may obfuscate content during command execution to impede detection.
    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks