General

  • Target

    43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357.zip

  • Size

    14.1MB

  • Sample

    241123-2ayreszkht

  • MD5

    6d834cbd1890852162f7aee19f772a6f

  • SHA1

    18478a2e2ff78b85e171c586a707da3afe353c35

  • SHA256

    493f34b6765249c2e1c895a67c4c710ef04eed6481766a701dff9aa47a1b5026

  • SHA512

    d7e64cbfcad0d1d581d51f34e639e071e37b691263dedf5a74f4b36f138313245f7b614c9f8c4def36cdd61fdb2ab3908080be2d1aa72ee482ac50924a2e7a3c

  • SSDEEP

    393216:IxtN7LULp/bcHid3IxVswMJT1E0RJM6DW94yJ2zkNcd:IxTnULpV/eiTfyJQkNcd

Malware Config

Targets

    • Target

      43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357.exe

    • Size

      14.3MB

    • MD5

      111f77941b7654e8c728a77b49b11969

    • SHA1

      6f7dc6e8ed6fca87966226be1b05ec5aaa1639cb

    • SHA256

      43ac48fa6e49b57b5886628fc841d13f3acd39a865097efa3196c564e86b6357

    • SHA512

      3f78050f7687e64152313ac130e406e8b886e3510d066b66db15cbc6bacb458a7e77410150f625030149c22ebd237c7c40847b13b67c3b19ff45998352d70998

    • SSDEEP

      196608:Iw0sKYu/PaQ+DuvfcdQmRJ8dA6lSuqaycBIGpEqo6hTOv+QKfwJDEENxgTkSGlyP:1QQdQuslSq9RoWOv+9fgDfMIyvBF

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks