General
- Target: spoofer.exe
- Size: 16.6MB
- Sample: 241115-tq3rba1khk
- MD5: d281e066869e71c21493343f210d0b76
- SHA1: 8bfe91f6688e1b9219672f180dc5d8dfd474db7d
- SHA256: 909c780134f28e7b9d026ce87b3bdc676a223afc2746526821cc7523adb56b0a
- SHA512: 8bb0856ba7d98c510a0c2c47f12e827a516d02f4d2d3ec79847bea8c549f3199540f7374beec4c0a8bc27c38f9d255fa2998fac615ae0131f32b9a43e740ef7c
- SSDEEP: 393216:Rg2LYKd1QLdGtByxjhIHqiK1piXLGVEcnZmKxXms57wYKZsbAo:RU4uMtAjFDiXH2ZmKYNsbAo
Behavioral task: behavioral1
- Sample: spoofer.exe
- Resource: win7-20241010-en

Behavioral task: behavioral2
- Sample: spoofer.exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: spoofer.exe (same size and hashes as listed under General)
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops startup file
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)