General

  • Target

    255113355555cad23594618b606e851b38bcf588d902ec2678bb893582a90a4f.zip

  • Size

    5.8MB

  • Sample

    241123-16nqnawjgm

  • MD5

    b686ae34ea32a22c4bcd3c3bbb7b800e

  • SHA1

    4249636570d2301578c51fde115967eb0d352d9b

  • SHA256

    e49a01639e630f9f9247550c503dc4798aa4221751e2b342c4ba942f356e9034

  • SHA512

    a775390f068a97de9c4c4b58098a8495ac14a17a7370dcf1bcd9d6f0bc87c224444d86ff2eec79b072b00701558b56aac97196bafaf084a85cc5cda8f37f7721

  • SSDEEP

    98304:a3aNPoqlUAFlfdQXF5AqJMRunjMuhp9/R9WZ/iDN2iqK/71ms6YkY1ifi6VC6:rZX0zAqJHnIuhptOZoN2DK/71msBAiaj

Malware Config

Targets

    • Target

      255113355555cad23594618b606e851b38bcf588d902ec2678bb893582a90a4f.exe

    • Size

      6.0MB

    • MD5

      b2fe874c2e11c56edf05c5250a8c966f

    • SHA1

      06d6e28c3cb46e06195a5f8c360d8eeaddfb1c06

    • SHA256

      255113355555cad23594618b606e851b38bcf588d902ec2678bb893582a90a4f

    • SHA512

      915ec47beaf9a572c135fe0ddcccf2bb18b6620dcaf9fc8069436e4fe8d3dce15424c3043b45668c7c4f81e513bb731d7bd310eacea6ea1e01cb019b1cc71b90

    • SSDEEP

      98304:skEtdFBCm/I5NamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RxOnAKuP/ty/:szFIm/PeN/FJMIDJf0gsAGK4R0nAKuXq

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command interpreter.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks