Overview

overview

10

Static

static

10

IMAGE LOGG...er.exe

windows10-2004-x64

8

IMAGE LOGG...er.cfg

windows10-2004-x64

3

Resubmissions

13-11-2024 13:02

241113-p95ykascqa 10

13-11-2024 12:44

241113-pyz8ya1qbx 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMAGE LOGGER.rar

  • Size

    26.8MB

  • Sample

    241113-p95ykascqa

  • MD5

    d972a13004c77cfc6482b40a031ad777

  • SHA1

    184e44d748fc41d7571def988a0fad94fb847896

  • SHA256

    d82f9cd1fbdd94233e41d9cc498e5ecacb276d18bad6e4e8830b1d924db48106

  • SHA512

    ce98f1ee87261d249dcf1963c18b5ba9ad438bbe169b4f5fb1064c87434590bf84d00a371c7bd336d0c31e3744965c82b136f4d28b48dc81810db986da62e284

  • SSDEEP

    393216:/RoSAENZflCKsHAwh1ddO9KuJYUeSznbR1FLHFAwTXbtB0TtLRZJyEhbtKivJ:6SAENZsUwrddO9KuJf3NlLTXbzafJ6ix

Score
10/10
blankgrabberdiscoveryexecutionpersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      IMAGE LOGGER/Image-Logger.exe

    • Size

      26.9MB

    • MD5

      2de15ff961b37e8c4adbeb98d2f3e63b

    • SHA1

      1fd0e9440e5c231c61061a03ed6770eebf2ebd47

    • SHA256

      deb17b39d8bfb61c95dabdce0ad4b2000647557f8b3d678a34bc135707f5dc16

    • SHA512

      186a41dd0a19d5aa202e4a7ae7979424aa7a90c9e59216fcfe04543fb8baed31526bd2c3bf39bbf194fe8c4cee175c4183be7cb3d0834a190b59bb335415431d

    • SSDEEP

      393216:Twe0JBz55GfnxPu5fTXgVRqB3Cx/+q9ePqiOpINHI3Z+GdwQSiLEOAa7F7wx/Fqn:ke0JBzmxmVEI+p+GGQVIOAUu4v5h

    Score
    8/10
    discoveryexecutionpersistenceprivilege_escalationpyinstallerspywarestealerupx

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

    • Target

      IMAGE LOGGER/loader.cfg

    • Size

      72B

    • MD5

      14dd624d81545d1f71419ec7ed0e8ff9

    • SHA1

      45c65cf7d21668fbbccf797e3c197398e68f14e1

    • SHA256

      8753316bac83333016b97b2c58df1abc90ac733bf532fb8854129a4ec058ad78

    • SHA512

      1125fd507a4ae9aeecbc39d11d1705d3c09cd4d8c0f43c242cb158a9921fcc0637b99ec8f83ed70f2e4641a06f539f1e484e7baedd3acc793782e412d5fd7063

    Score
    3/10
    behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Process Discovery

1
T1057

System Information Discovery

1
T1082

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks