Resubmissions

20-11-2024 19:47

241120-yhwegssjgy 10

20-11-2024 17:25

241120-vzg2msvkhn 10

General

  • Target

    Xeno.exe

  • Size

    18.7MB

  • Sample

    241120-vzg2msvkhn

  • MD5

    6a9c62338c4c9b550396a9d6b6830722

  • SHA1

    fa09434533faf5c7ba69a4e2e71499a533139340

  • SHA256

    b3bf71debbb93701a50fb5057ae578e26453e502a746c419a91003a4e0c972d4

  • SHA512

    b5527eca4030f2e033047ddf075a6ba106357a2c1d7e1066dab7d44f8e8b44c324e0bbea42014a7bcb619f2dd6a71bbd0597561e034f827bc90a0db40b72c8c5

  • SSDEEP

    393216:XqPnLFXlrMQpDOETgsvfGfg0z1qJ6Zjqb3FQWRRgdx3:aPLFXNMQoEARhzNSQERe

Malware Config

Targets

    • Target

      Xeno.exe

    • Size

      18.7MB

    • MD5

      6a9c62338c4c9b550396a9d6b6830722

    • SHA1

      fa09434533faf5c7ba69a4e2e71499a533139340

    • SHA256

      b3bf71debbb93701a50fb5057ae578e26453e502a746c419a91003a4e0c972d4

    • SHA512

      b5527eca4030f2e033047ddf075a6ba106357a2c1d7e1066dab7d44f8e8b44c324e0bbea42014a7bcb619f2dd6a71bbd0597561e034f827bc90a0db40b72c8c5

    • SSDEEP

      393216:XqPnLFXlrMQpDOETgsvfGfg0z1qJ6Zjqb3FQWRRgdx3:aPLFXNMQoEARhzNSQERe

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks