Resubmissions

17-11-2024 07:16

241117-h38bsavakd 10

General

  • Target

    Depart.exe

  • Size

    7.4MB

  • Sample

    241117-h38bsavakd

  • MD5

    600ff2b2bc06dc4349d23066f49fb171

  • SHA1

    229f87b2653ec2362fc227ad770a1a2718134f2d

  • SHA256

    a04e02f81cb59df2544fcb69df9489cd78444f05eda3db63260a2c62134718fd

  • SHA512

    1bbfcf2c3e4f66046db1f2deec32371e9072a9d732e590dcd812bb6eec53c335af483f4b741a87eba214175df29c88dea0cf62f43e495493ff2de5ab8eac3664

  • SSDEEP

    98304:ElSi8TRtlurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EwKhOh112mJR:EUNlurErvI9pWjgfPvzm6gsFEF4fZ

Malware Config

Targets

    • Target

      Depart.exe

    • Size

      7.4MB

    • MD5

      600ff2b2bc06dc4349d23066f49fb171

    • SHA1

      229f87b2653ec2362fc227ad770a1a2718134f2d

    • SHA256

      a04e02f81cb59df2544fcb69df9489cd78444f05eda3db63260a2c62134718fd

    • SHA512

      1bbfcf2c3e4f66046db1f2deec32371e9072a9d732e590dcd812bb6eec53c335af483f4b741a87eba214175df29c88dea0cf62f43e495493ff2de5ab8eac3664

    • SSDEEP

      98304:ElSi8TRtlurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EwKhOh112mJR:EUNlurErvI9pWjgfPvzm6gsFEF4fZ

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks