General
-
Target
Hell.gen.rar
-
Size
17.6MB
-
Sample
241121-rglekaspay
-
MD5
fc645e1ebfae029dd49166e86d7e3a2f
-
SHA1
220502a84b91c5dedf741dcc79433293ac5e69a1
-
SHA256
df42a40b912da477588cb2953758d95d741d197015394c4084aa4d4d78b5e345
-
SHA512
b3432334c289d5fae112cbe3a5c7649292e8607b9e4328fc0d31667dc1bd65e5c395862fee8d389a1fec17b877fc1f14274486a62b1b134f9511a9224aa1e7e9
-
SSDEEP
393216:HPrVyH/S8vWnVe4H2lXFf20yPDhyS22l78FnmVXT+rdsW3Be65Sw1kbBc1XdnxKH:HPJYS8viVe4H2koS2agnC+xJBf5obBcW
Malware Config
Targets
-
-
Target
hell's generator (1).exe
-
Size
17.8MB
-
MD5
fd6b2eb34707a78c796fe7077b6940db
-
SHA1
a186670a07f032b2c8e8989c7c9cf8f856f27cac
-
SHA256
560c9fb5d1c9753ec2b52e50e9a9b4fbc468793cfab5e313ba6521af4132c20c
-
SHA512
452a0394a5f6ecba7ead49994aa93bdb447dc8109600cec455910602f77d0b8f60d8cdd41beb517179b0f88e00c902a999a28760cdb70f3c1ba593fd9317b37e
-
SSDEEP
393216:4qPnLFCKI8QGQ8DOETgsvfGwxSzB9JFwOYDJ:pPLFCKI+QhEwB
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
main.pyc
-
Size
1KB
-
MD5
37fd935740a7d338ee5e07980702c089
-
SHA1
00fc01b93aa28f366d8185a684b82318dc32d896
-
SHA256
2b75d2651dd907bfa51034bdfd6ad765907fcd036197c7b00f321fd8d1efc253
-
SHA512
c601c531f02f1ecb04c97d835efd61fe82b92912a2926c798a5d2232cacfe87b0ef7b825f0ad9180e46cb1e13db20e5313d1233364bb2a0e16e40d2b180f56b9
Score3/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1