General
Target: Condo generator.rar
Size: 19.4MB
Sample: 241116-c537ysydmc
MD5: 8e6a44c1eaccc4ee4e36a8ed6f55f895
SHA1: 76f8de458e4f4367d38e43110e5b9f42798ca4c7
SHA256: dc007eedcc5771b76b7168e4be1c6b4f9b5a38cc358e94f9efe3ee53d245773b
SHA512: 03b1e2824f15e51b3e3e009e163e6b864b98c46fab40362ff525ad4d7f0ecaee8d91400b059e7ee95b3af0c1dbff16fc6d19858f4808d5e002046994caa05c1c
SSDEEP: 393216:MkhFwwbZtduA7cUAOeDnjuikVQ+Ueep397uMWTw2q1x:MsZR7cUAOsnjuRpUdpt7uKbx
Behavioral task: behavioral1
Sample: Condo generator/Condo generator.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: Condo generator/Condo generator.exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: Condo generator/Condo generator.exe
Size: 15.0MB
MD5: 9b4f30c8171b1ed05efbd39090f83ca3
SHA1: a9754ed60a1a72bd21c9d4ab86cfdd450918c820
SHA256: 86a3edf01329f734d35dbd4e263228b728bc4bcee07c795953ee27e2ea70d0dd
SHA512: 5fb08c71f2da738fc26b45e1c7fa8227896f024a9a8bc49d0c31ad96fa9248e019eb0d78aea637fa6d9fe143b86dc3dc0b8188c1daa7ce64a87fe7e3674263cc
SSDEEP: 196608:myHYrwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jh:VIHziK1piXLGVE4Ue0VJN
Signatures
Drops file in Drivers directory
Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Executes dropped EXE
Loads dropped DLL
Unsecured Credentials: Credentials In Files: Steal credentials from unsecured files.
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Obfuscated Files or Information: Command Obfuscation: Adversaries may obfuscate content during command execution to impede detection.
Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Obfuscated Files or Information: 1
Command Obfuscation: 1
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 3
Credentials In Files: 3