Resubmissions
25-11-2024 01:29
241125-bwq1la1key 1024-11-2024 23:28
241124-3gcm7svrd1 1024-11-2024 23:05
241124-223vfszrer 1024-11-2024 22:40
241124-2lw2zatmgx 1024-11-2024 22:01
241124-1w6tgssjey 1024-11-2024 21:56
241124-1tt2xa1rdw 1024-11-2024 21:54
241124-1sn49sxmgq 1023-11-2024 21:50
241123-1p5b3svkdn 1023-11-2024 18:54
241123-xkn8hsxkhp 1021-11-2024 00:35
241121-axm5nawgkc 10General
-
Target
HeilHitler.exe
-
Size
6.0MB
-
Sample
241125-bwq1la1key
-
MD5
aeab677edfb0b7838ad440c071a04965
-
SHA1
9855bbfe1e4d729853c1d3fd5e51a6d767cf8203
-
SHA256
e465cccde051595262dc76359e4a06279341b4292901a49061cf9fa1386119df
-
SHA512
567dd7cd29f4c35e0d99470628535fddb6f801ce36708003d9a6cc95a0933b613e221c07347040746e4ee174322c02b8da4c59828b79a963ff69c9378a735849
-
SSDEEP
98304:0bEtdFBg0amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R0BMnM3JfFTW:0SFceN/FJMIDJf0gsAGK4R0un+TW
Behavioral task
behavioral1
Sample
HeilHitler.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
HeilHitler.exe
-
Size
6.0MB
-
MD5
aeab677edfb0b7838ad440c071a04965
-
SHA1
9855bbfe1e4d729853c1d3fd5e51a6d767cf8203
-
SHA256
e465cccde051595262dc76359e4a06279341b4292901a49061cf9fa1386119df
-
SHA512
567dd7cd29f4c35e0d99470628535fddb6f801ce36708003d9a6cc95a0933b613e221c07347040746e4ee174322c02b8da4c59828b79a963ff69c9378a735849
-
SSDEEP
98304:0bEtdFBg0amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R0BMnM3JfFTW:0SFceN/FJMIDJf0gsAGK4R0un+TW
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3