General
-
Target
Built.exe
-
Size
8.2MB
-
Sample
241124-j3d9da1paw
-
MD5
5ee0a00ae8a26984dd9638326e4ebca7
-
SHA1
6fab32c0e26cd0851b5e3660062db64e31d06244
-
SHA256
292e1ade7a6fc8629fe319207cf6380b1410748553f060c578541c8317988d45
-
SHA512
7767532e0c6376634957cd8d2c157e00baaa65ea81ecc2711ec50a18adfd9d0b191507d6e1ae381fbcc244d265961ef9a76dd6f7f6eeba9f7a72b486953bdbbd
-
SSDEEP
196608:SDgCPtwfI9jUC2gYBYv3vbW4SEA+iITm1U6fi:7CPiIH2gYBgDWZ+TOza
Malware Config
Targets
-
-
Target
Built.exe
-
Size
8.2MB
-
MD5
5ee0a00ae8a26984dd9638326e4ebca7
-
SHA1
6fab32c0e26cd0851b5e3660062db64e31d06244
-
SHA256
292e1ade7a6fc8629fe319207cf6380b1410748553f060c578541c8317988d45
-
SHA512
7767532e0c6376634957cd8d2c157e00baaa65ea81ecc2711ec50a18adfd9d0b191507d6e1ae381fbcc244d265961ef9a76dd6f7f6eeba9f7a72b486953bdbbd
-
SSDEEP
196608:SDgCPtwfI9jUC2gYBYv3vbW4SEA+iITm1U6fi:7CPiIH2gYBgDWZ+TOza
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3