Resubmissions

12-11-2024 18:14

241112-wvr7gsybnd 7

12-11-2024 18:04

241112-wnww4axjas 7

General

  • Target

    Yenn Cool.exe

  • Size

    13.7MB

  • Sample

    241112-wnww4axjas

  • MD5

    d89381619305364692ac8909829bb530

  • SHA1

    ff72c031096443048764a2bebdc482efeb605de1

  • SHA256

    7050faa77423879af7a746ec4868ca467b26bcbc690c1f240a86ab5a8b01a591

  • SHA512

    f7b8047703d691003610bf75dbb509be3afb79fc9b0b81f087e8522f4620fa8442d90d59a8843cfa716ed2ef70eaa87c39a799af228c0f789b1d1260481fe7a3

  • SSDEEP

    393216:YiIE7Yopp5Yk3meBcGfd9YMpnk9OneZo:57r9YaT5F9YS9So

Malware Config

Targets

    • Target

      Yenn Cool.exe

    • Size

      13.7MB

    • MD5

      d89381619305364692ac8909829bb530

    • SHA1

      ff72c031096443048764a2bebdc482efeb605de1

    • SHA256

      7050faa77423879af7a746ec4868ca467b26bcbc690c1f240a86ab5a8b01a591

    • SHA512

      f7b8047703d691003610bf75dbb509be3afb79fc9b0b81f087e8522f4620fa8442d90d59a8843cfa716ed2ef70eaa87c39a799af228c0f789b1d1260481fe7a3

    • SSDEEP

      393216:YiIE7Yopp5Yk3meBcGfd9YMpnk9OneZo:57r9YaT5F9YS9So

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks