General

  • Target: 12112024_0002_Payload.exe

  • Size: 25.0MB

  • Sample: 241112-abp25atjar

  • MD5: a0044986eec99f4b05358f1457be6ee8

  • SHA1: bed5076d966b94c942487fd04e7074e861235ba2

  • SHA256: 24c7c6cc3124b20c717ac485e263193e351f0ab2e672b353b38688ba218bda9a

  • SHA512: 3ddb80bb5957cf514180692550fc5e3a916cb75d0cb99433924399f8185c0466eaf5deb6c77cb92daee3e9eec251a4479dfdf7968bd55bb47645a24d596860c3

  • SSDEEP: 786432:i9YiJVl8ZMj3hr8AW+e5RP96R+c+U4VdF5Kd:i98a3hr8AW+eHPgR6U4VdXKd

Malware Config

Targets

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks