General
-
Target
Condo generator.exe
-
Size
15.0MB
-
Sample
241116-xgawqa1kdw
-
MD5
9b4f30c8171b1ed05efbd39090f83ca3
-
SHA1
a9754ed60a1a72bd21c9d4ab86cfdd450918c820
-
SHA256
86a3edf01329f734d35dbd4e263228b728bc4bcee07c795953ee27e2ea70d0dd
-
SHA512
5fb08c71f2da738fc26b45e1c7fa8227896f024a9a8bc49d0c31ad96fa9248e019eb0d78aea637fa6d9fe143b86dc3dc0b8188c1daa7ce64a87fe7e3674263cc
-
SSDEEP
196608:myHYrwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jh:VIHziK1piXLGVE4Ue0VJN
Behavioral task
behavioral1
Sample
Condo generator.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
Condo generator.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral3
Sample
Condo generator.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
Condo generator.exe
-
Size
15.0MB
-
MD5
9b4f30c8171b1ed05efbd39090f83ca3
-
SHA1
a9754ed60a1a72bd21c9d4ab86cfdd450918c820
-
SHA256
86a3edf01329f734d35dbd4e263228b728bc4bcee07c795953ee27e2ea70d0dd
-
SHA512
5fb08c71f2da738fc26b45e1c7fa8227896f024a9a8bc49d0c31ad96fa9248e019eb0d78aea637fa6d9fe143b86dc3dc0b8188c1daa7ce64a87fe7e3674263cc
-
SSDEEP
196608:myHYrwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jh:VIHziK1piXLGVE4Ue0VJN
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3