General
-
Target
CMD Stealer.zip
-
Size
5.8MB
-
Sample
241123-19lepswlap
-
MD5
296a693438e779008a5fa2fc7ad5e9ce
-
SHA1
a583e13aefdac3185b4127bb4f85023b59765e7c
-
SHA256
ed63fc9481569770bd59d936ee466475235ffb02b57c7a49e75d49f28e81f4bb
-
SHA512
641cd05c01bc9bdd3f9ac0e48e7f784eb68298475e0fa6cf2f4c026bdff0c2a0403bd70430561c47a317492a0736e2cb0b0066e51d6b72c9a3387db372bb491a
-
SSDEEP
98304:9wl4udxPTR44/szfM+aHtnpeymmMv1LdA1TN9pNAbxfEeRy2snE+2+pPOHmcaG5g:9sPl44/ped5d6exfhg2sE+2+pmHmcaGy
Malware Config
Targets
-
-
Target
CMD Stealer.zip
-
Size
5.8MB
-
MD5
296a693438e779008a5fa2fc7ad5e9ce
-
SHA1
a583e13aefdac3185b4127bb4f85023b59765e7c
-
SHA256
ed63fc9481569770bd59d936ee466475235ffb02b57c7a49e75d49f28e81f4bb
-
SHA512
641cd05c01bc9bdd3f9ac0e48e7f784eb68298475e0fa6cf2f4c026bdff0c2a0403bd70430561c47a317492a0736e2cb0b0066e51d6b72c9a3387db372bb491a
-
SSDEEP
98304:9wl4udxPTR44/szfM+aHtnpeymmMv1LdA1TN9pNAbxfEeRy2snE+2+pPOHmcaG5g:9sPl44/ped5d6exfhg2sE+2+pmHmcaGy
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-