General

  • Target

    EvadeSpoofer.exe.unsafe

  • Size

    17.9MB

  • Sample

    241128-y7latavmdn

  • MD5

    9b4692d2cfef74cc6a72b8ac2c765dca

  • SHA1

    08896d5ca172aabc70f3844e7fed93a2886d1250

  • SHA256

    0e32103bf0e6bb02a30f1c5fcf7f214025eeb8e9d3eb406bf4d94948c1f02f05

  • SHA512

    30b4840532361aa4d198d052b845fd02eae0e12d2b1738b8ccefe15e08cd9d9a109faca481467f233f2b645c33577ad0a23990b7628a65cdf012b1530b17f8e5

  • SSDEEP

    393216:JqPnLFXlrVQMDOETgsvfGBgqurQvEI5Z0/yvU9q:APLFXNVQREYnUEQyd

Targets

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive user data.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.