General
- Target: main.exe
- Size: 18.7MB
- Sample: 241118-btgn5svglk
- MD5: 21f1a1a1969d36267f138410c1ce4943
- SHA1: a0fce60fa28aa50f01cc2134603933a4fad8149b
- SHA256: d3193df545e3283326d7459fa68ba290f53dde5ae545c514442fc48e5852cedf
- SHA512: 928ad11d28f020c3fd6c13163f0426f6cbd29f472ffae127191c0cab32a68c8d69744aff58cc35912b74a870e8d30033278dcc264bbac36c0710b20dc729898c
- SSDEEP: 393216:fqPnLFXlrrzQMDOETgsmlfGNPg6ju4hvE20+RqrvGdKCSq:yPLFXNPQREzLB22j4GdN
Behavioral task: behavioral1
- Sample: main.exe
- Resource: win11-20241007-en

Behavioral task: behavioral2
- Sample: main.exe
- Resource: win7-20241010-en
Malware Config

Targets
- Target: main.exe
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Event Triggered Execution: Netsh Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Event Triggered Execution: Netsh Helper DLL (1)

Credential Access
- Credentials from Password Stores: Credentials from Web Browsers (1)
- Unsecured Credentials: Credentials In Files (1)