Overview (score 10/10)
Static (score 10/10)
Greber/Create app.exe, windows7-x64 (score 7/10)
Greber/Create app.exe, windows10-2004-x64 (score 8/10)
Greber/GH ...64.dll, windows7-x64 (score 1/10)
Greber/GH ...64.dll, windows10-2004-x64 (score 1/10)
Greber/GH ...86.dll, windows7-x64 (score 3/10)
Greber/GH ...86.dll, windows10-2004-x64 (score 3/10)
Greber/GH ...64.exe, windows7-x64 (score 1/10)
Greber/GH ...64.exe, windows10-2004-x64 (score 1/10)

General
- Target: be95ad148b9ac11f653db6e748da23f4d01c2c54de4678f5f377f5779cbe8b72
- Size: 6.9MB
- Sample: 241129-3m8ylaslgy
- MD5: c9a304b365b2ec222af490f753b4e68d
- SHA1: e2ca96d4f0760b6f6aae24715d7ebda5886d6f81
- SHA256: be95ad148b9ac11f653db6e748da23f4d01c2c54de4678f5f377f5779cbe8b72
- SHA512: 6f8bb9c1ea9c9831bc207ff0583f533fc7664e25d65a7d44a38c036ab34b5059aa314773d6f6b7aa0345385989da66b24ef107366edd338e45479c87f48304cf
- SSDEEP: 98304:3vQMom/kmLq16TX2OdRqRJIkQPEf/HeyAMZpp+sR+1S68HNl4qMEj1q3j9uMY6q:3sSdcGXndrPE3erMpRkqR5Rk9Fq
Behavioral tasks
- behavioral1: Greber/Create app.exe (resource win7-20240708-en)
- behavioral2: Greber/Create app.exe (resource win10v2004-20241007-en)
- behavioral3: Greber/GH Injector - x64.dll (resource win7-20240903-en)
- behavioral4: Greber/GH Injector - x64.dll (resource win10v2004-20241007-en)
- behavioral5: Greber/GH Injector - x86.dll (resource win7-20240729-en)
- behavioral6: Greber/GH Injector - x86.dll (resource win10v2004-20241007-en)
- behavioral7: Greber/GH Injector SWHEX - x64.exe (resource win7-20241010-en)
- behavioral8: Greber/GH Injector SWHEX - x64.exe (resource win10v2004-20241007-en)
Malware Config

Targets

Target: Greber/Create app.exe
- Size: 6.9MB
- MD5: daf401bcb8798795f4ef6b97845cdc97
- SHA1: 469cc0adc7b457fff82ff9db7dd00d8dd142e62d
- SHA256: 87ff9011222048726911a86de021f2787d3fbba758ad3c97b9ab72461b4574af
- SHA512: f35f9de788ce9fdc9ee5d88fd1e186c83f5b91f2ed5da55202d08bd3e8fae3396409081639f4b728a8413853d88e4824af533a2cede79edd47f703184cd6f1d7
- SSDEEP: 98304:+a+vITBg6gHamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkzmas5J1n6ksB0rNHMo:+VIsqeNlpYfMQc2sEhn6ksqV
Signatures:
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Clipboard Data. Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files. Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation. Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories

Target: Greber/GH Injector - x64.dll
- Size: 80KB
- MD5: 577098d13cce86f097dbd5ed3d7f841a
- SHA1: 853df164b60d351d236b3494dfe34a6d1ea62eaa
- SHA256: 3de027f62dc95df4696ed8b526046ee69eb7c1ab53712368d2a9a4ca4bb595c9
- SHA512: 4a24bb69ff360cea62e1818ef2a818d3d7d2faa6c7e7f5f9829dee2654b7a787689839d5ba4baedc5dfaaff5a7fff39e8ab99b43433bb95fa0af0e84c48cda8e
- SSDEEP: 1536:6y/F6lrEqQ+Q+r2S6F3zQh7rPgCSL0/M+7:ErY+laSs3zQ5PgCS4U+7
- Score: 1/10

Target: Greber/GH Injector - x86.dll
- Size: 54KB
- MD5: a90f82ec592f7d7bafe379947bc976ef
- SHA1: fde0997a72c95d4c37fbaf0d47b2d35782c9695f
- SHA256: 57fe4aac342425fe7f1c24600b3c9781ce9f73e98905df5858480cb8ca8ea631
- SHA512: d7f0738ef1e495546c5eee00270cb95cd453a832d00066625aa9a87a9ea0319399118d81796b8aff02002df63b773ca9392ea24b5792d55f158e9560eb832dd2
- SSDEEP: 768:ow+gyUC/9zDP1XO5mvQRI6qqsciMCUX8VzK3+nO+t4YZQ8AN7zPkFg8s/4PU:CL/5KDHrC08VzK3+nO+t4YypCgbz
- Score: 3/10

Target: Greber/GH Injector SWHEX - x64.exe
- Size: 27KB
- MD5: e80faaf635cc8a67ce128a77db91cf5a
- SHA1: 581f8f3651fba45287e211e55a4dc019428e98d9
- SHA256: 550e76bcffc9835e18d0558a1295c5517ff636b20ee4620fb8ba29d45b3be3dc
- SHA512: e5fc5e9f8664ec5ce3acd789da568c0800a1a2b1861beb05c5d5ce2f329e9141d1dba71e32907500f54c3cbc18ad9ef7bde0ccce716ff9dd27c00318cf4ed506
- SSDEEP: 384:LxEJhfsQhDNzF0lJF+zhec97YBKn1/6C3zy6Yor5a3/6+l+S5K:NQhDtClal/n1/hzy6xrI3Jlj
- Score: 1/10
MITRE ATT&CK Enterprise v15

Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Obfuscated Files or Information (1)
  - Command Obfuscation (1)

Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (3)
  - Credentials In Files (3)

Discovery
- Browser Information Discovery (1)
- Process Discovery (1)
- Remote System Discovery (1)
- System Information Discovery (3)
- System Location Discovery (1)
  - System Language Discovery (1)
- System Network Configuration Discovery (2)
  - Internet Connection Discovery (1)
  - Wi-Fi Discovery (1)