Resubmissions

12-11-2024 18:14

241112-wvr7gsybnd 7

12-11-2024 18:04

241112-wnww4axjas 7

General

  • Target

    Yenn Cool.exe

  • Size

    13.7MB

  • Sample

    241112-wvr7gsybnd

  • MD5

    d89381619305364692ac8909829bb530

  • SHA1

    ff72c031096443048764a2bebdc482efeb605de1

  • SHA256

    7050faa77423879af7a746ec4868ca467b26bcbc690c1f240a86ab5a8b01a591

  • SHA512

    f7b8047703d691003610bf75dbb509be3afb79fc9b0b81f087e8522f4620fa8442d90d59a8843cfa716ed2ef70eaa87c39a799af228c0f789b1d1260481fe7a3

  • SSDEEP

    393216:YiIE7Yopp5Yk3meBcGfd9YMpnk9OneZo:57r9YaT5F9YS9So

Malware Config

Targets

    • Target

      Yenn Cool.exe

    • Size

      13.7MB

    • MD5

      d89381619305364692ac8909829bb530

    • SHA1

      ff72c031096443048764a2bebdc482efeb605de1

    • SHA256

      7050faa77423879af7a746ec4868ca467b26bcbc690c1f240a86ab5a8b01a591

    • SHA512

      f7b8047703d691003610bf75dbb509be3afb79fc9b0b81f087e8522f4620fa8442d90d59a8843cfa716ed2ef70eaa87c39a799af228c0f789b1d1260481fe7a3

    • SSDEEP

      393216:YiIE7Yopp5Yk3meBcGfd9YMpnk9OneZo:57r9YaT5F9YS9So

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files

      Searches files on disk for insecurely stored credentials (ATT&CK T1552.001).

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      cstealer.pyc

    • Size

      75KB

    • MD5

      9ce7e95ef2d91a18cff76642c2f1e84b

    • SHA1

      f717c6aa54cd4a310bfd7db3b4d19481f55b76cc

    • SHA256

      08a525b8b94ebef21453061daf911cd41eca47c0a11f871d2bf9b64094159cc2

    • SHA512

      52d62fbc6eb0de149e6f30da540d581a45dd4cf251aa3a86f4f8a9059f914955a832dcab6f8c69c7a9e06b31326e2651f02c2c3556a12c02bf6195704ec68600

    • SSDEEP

      1536:NH8WOzxPVpuOsJlm4I2Is8kRaO+ZWguXvDcDRhew:NH8JF72Is89egmvDcDRZ

    Score
    3/10
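The hashes listed for the two targets above are the indicators most practitioners will actually use from this report. The following is an added example, not part of the report or the sandbox's own tooling: a small Python checker that streams files through md5/sha1/sha256 and matches the digests against the report's values (ssdeep is omitted because it needs a third-party library). The `REPORT_IOCS` table is copied from the report; the `match_file`/`scan_directory` function names and the directory-walk logic are assumptions of this example.

```python
import hashlib
import os

# Hashes copied from the report above for the two listed targets.
REPORT_IOCS = {
    "Yenn Cool.exe": {
        "md5": "d89381619305364692ac8909829bb530",
        "sha1": "ff72c031096443048764a2bebdc482efeb605de1",
        "sha256": "7050faa77423879af7a746ec4868ca467b26bcbc690c1f240a86ab5a8b01a591",
    },
    "cstealer.pyc": {
        "md5": "9ce7e95ef2d91a18cff76642c2f1e84b",
        "sha1": "f717c6aa54cd4a310bfd7db3b4d19481f55b76cc",
        "sha256": "08a525b8b94ebef21453061daf911cd41eca47c0a11f871d2bf9b64094159cc2",
    },
}


def digest_file(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256 hex digests of a file, reading it in chunks so a
    13.7MB sample (or something much larger) is never loaded into memory at once."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def build_index(iocs):
    """Invert the IOC table into {(algo, hexdigest): target_name} for O(1) lookup.
    Digests are lower-cased so mixed-case IOCs pasted from elsewhere still match."""
    index = {}
    for target, hashes in iocs.items():
        for algo, value in hashes.items():
            index[(algo, value.lower())] = target
    return index


def match_file(path, iocs=REPORT_IOCS):
    """Return the set of report targets whose hashes match this file (empty if no match).
    Checking several algorithms at once tolerates a truncated or mistyped single IOC."""
    index = build_index(iocs)
    digests = digest_file(path)
    return {index[(algo, value)] for algo, value in digests.items() if (algo, value) in index}


def scan_directory(root, iocs=REPORT_IOCS):
    """Walk a directory tree and return {path: matched_targets} for every matching file."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matched = match_file(path, iocs)
            except OSError:
                continue  # unreadable or locked file: skip it rather than abort the scan
            if matched:
                hits[path] = matched
    return hits


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, targets in scan_directory(root).items():
        print(f"{path}: matches {', '.join(sorted(targets))}")
```

Run it with a directory as the first argument (for example a user's Downloads folder or a mounted disk image). An exact-hash match is strong evidence of this specific sample but says nothing about repacked variants; for those, the behavioural signatures above (startup persistence, browser profile access, external IP lookup) are the better starting point for detection logic.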

MITRE ATT&CK Enterprise v15

Tasks