General

  • Target

    file.exe

  • Size

    41.2MB

  • Sample

    241114-w8w3lavpgq

  • MD5

    7abd9cf3c1c7b8e12e309a517a1d64c0

  • SHA1

    63fc374e4498dedb181bb37aad0dc14813e45ba4

  • SHA256

    dd11a80576e2d535d1ffffeb53f9e72466e32ef39d833f43cd6e6f11fc365ebb

  • SHA512

    1c0d1a539e19edfcda7cd346fc2471988888293b52c625e29ce1a317c928ce97e44fcbcabb1bc4eda5a65b82d9e84eba4a2e864073bbcd3c3ae773693237544f

  • SSDEEP

    393216:qEr+7CAtJyEsYLrH95y/1uzVyQcNnxu+ds+o0ECKHOQKtuK+Vf6qrdWY6wdla9Fe:qdv86wQ0xYKq8HFrsPFlXxJ

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks