General

Target: cmd.exe.bin
Size: 6.0MB
Sample: 241123-xkedba1kcv
MD5: b2fe874c2e11c56edf05c5250a8c966f
SHA1: 06d6e28c3cb46e06195a5f8c360d8eeaddfb1c06
SHA256: 255113355555cad23594618b606e851b38bcf588d902ec2678bb893582a90a4f
SHA512: 915ec47beaf9a572c135fe0ddcccf2bb18b6620dcaf9fc8069436e4fe8d3dce15424c3043b45668c7c4f81e513bb731d7bd310eacea6ea1e01cb019b1cc71b90
SSDEEP: 98304:skEtdFBCm/I5NamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RxOnAKuP/ty/:szFIm/PeN/FJMIDJf0gsAGK4R0nAKuXq

Behavioral task: behavioral1
Sample: cmd.exe
Resource: win11-20241007-en
Malware Config
Targets
Clipboard Data: Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Obfuscated Files or Information: Command Obfuscation: Adversaries may obfuscate content during command execution to impede detection.
Enumerates processes with tasklist