Resubmissions

25-11-2024 21:57

241125-1vdfjsvpcl 10

25-11-2024 20:49

241125-zl98gsslfk 10

25-11-2024 19:36

241125-ybcc2asnbz 10

25-11-2024 19:08

241125-xtl5hsxrcq 10

25-11-2024 17:23

241125-vx8rkstqdq 10

25-11-2024 14:17

241125-rl2x4s1jaw 10

25-11-2024 14:17

241125-rlywfsxkem 10

25-11-2024 01:29

241125-bwq1la1key 10

24-11-2024 23:28

241124-3gcm7svrd1 10

24-11-2024 23:05

241124-223vfszrer 10

General

  • Target

    HeilHitler.exe

  • Size

    6.0MB

  • Sample

    241125-rl2x4s1jaw

  • MD5

    aeab677edfb0b7838ad440c071a04965

  • SHA1

    9855bbfe1e4d729853c1d3fd5e51a6d767cf8203

  • SHA256

    e465cccde051595262dc76359e4a06279341b4292901a49061cf9fa1386119df

  • SHA512

    567dd7cd29f4c35e0d99470628535fddb6f801ce36708003d9a6cc95a0933b613e221c07347040746e4ee174322c02b8da4c59828b79a963ff69c9378a735849

  • SSDEEP

    98304:0bEtdFBg0amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R0BMnM3JfFTW:0SFceN/FJMIDJf0gsAGK4R0un+TW

Malware Config

Targets

    • Target

      HeilHitler.exe

    • Size

      6.0MB

    • MD5

      aeab677edfb0b7838ad440c071a04965

    • SHA1

      9855bbfe1e4d729853c1d3fd5e51a6d767cf8203

    • SHA256

      e465cccde051595262dc76359e4a06279341b4292901a49061cf9fa1386119df

    • SHA512

      567dd7cd29f4c35e0d99470628535fddb6f801ce36708003d9a6cc95a0933b613e221c07347040746e4ee174322c02b8da4c59828b79a963ff69c9378a735849

    • SSDEEP

      98304:0bEtdFBg0amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R0BMnM3JfFTW:0SFceN/FJMIDJf0gsAGK4R0un+TW

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks