General

  • Target

    be95ad148b9ac11f653db6e748da23f4d01c2c54de4678f5f377f5779cbe8b72

  • Size

    6.9MB

  • Sample

    241129-3m8ylaslgy

  • MD5

    c9a304b365b2ec222af490f753b4e68d

  • SHA1

    e2ca96d4f0760b6f6aae24715d7ebda5886d6f81

  • SHA256

    be95ad148b9ac11f653db6e748da23f4d01c2c54de4678f5f377f5779cbe8b72

  • SHA512

    6f8bb9c1ea9c9831bc207ff0583f533fc7664e25d65a7d44a38c036ab34b5059aa314773d6f6b7aa0345385989da66b24ef107366edd338e45479c87f48304cf

  • SSDEEP

    98304:3vQMom/kmLq16TX2OdRqRJIkQPEf/HeyAMZpp+sR+1S68HNl4qMEj1q3j9uMY6q:3sSdcGXndrPE3erMpRkqR5Rk9Fq

Malware Config

Targets

    • Target

      Greber/Create app.exe

    • Size

      6.9MB

    • MD5

      daf401bcb8798795f4ef6b97845cdc97

    • SHA1

      469cc0adc7b457fff82ff9db7dd00d8dd142e62d

    • SHA256

      87ff9011222048726911a86de021f2787d3fbba758ad3c97b9ab72461b4574af

    • SHA512

      f35f9de788ce9fdc9ee5d88fd1e186c83f5b91f2ed5da55202d08bd3e8fae3396409081639f4b728a8413853d88e4824af533a2cede79edd47f703184cd6f1d7

    • SSDEEP

      98304:+a+vITBg6gHamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkzmas5J1n6ksB0rNHMo:+VIsqeNlpYfMQc2sEhn6ksqV

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Target

      Greber/GH Injector - x64.dll

    • Size

      80KB

    • MD5

      577098d13cce86f097dbd5ed3d7f841a

    • SHA1

      853df164b60d351d236b3494dfe34a6d1ea62eaa

    • SHA256

      3de027f62dc95df4696ed8b526046ee69eb7c1ab53712368d2a9a4ca4bb595c9

    • SHA512

      4a24bb69ff360cea62e1818ef2a818d3d7d2faa6c7e7f5f9829dee2654b7a787689839d5ba4baedc5dfaaff5a7fff39e8ab99b43433bb95fa0af0e84c48cda8e

    • SSDEEP

      1536:6y/F6lrEqQ+Q+r2S6F3zQh7rPgCSL0/M+7:ErY+laSs3zQ5PgCS4U+7

    • Score

      1/10

    • Target

      Greber/GH Injector - x86.dll

    • Size

      54KB

    • MD5

      a90f82ec592f7d7bafe379947bc976ef

    • SHA1

      fde0997a72c95d4c37fbaf0d47b2d35782c9695f

    • SHA256

      57fe4aac342425fe7f1c24600b3c9781ce9f73e98905df5858480cb8ca8ea631

    • SHA512

      d7f0738ef1e495546c5eee00270cb95cd453a832d00066625aa9a87a9ea0319399118d81796b8aff02002df63b773ca9392ea24b5792d55f158e9560eb832dd2

    • SSDEEP

      768:ow+gyUC/9zDP1XO5mvQRI6qqsciMCUX8VzK3+nO+t4YZQ8AN7zPkFg8s/4PU:CL/5KDHrC08VzK3+nO+t4YypCgbz

    • Score

      3/10

    • Target

      Greber/GH Injector SWHEX - x64.exe

    • Size

      27KB

    • MD5

      e80faaf635cc8a67ce128a77db91cf5a

    • SHA1

      581f8f3651fba45287e211e55a4dc019428e98d9

    • SHA256

      550e76bcffc9835e18d0558a1295c5517ff636b20ee4620fb8ba29d45b3be3dc

    • SHA512

      e5fc5e9f8664ec5ce3acd789da568c0800a1a2b1861beb05c5d5ce2f329e9141d1dba71e32907500f54c3cbc18ad9ef7bde0ccce716ff9dd27c00318cf4ed506

    • SSDEEP

      384:LxEJhfsQhDNzF0lJF+zhec97YBKn1/6C3zy6Yor5a3/6+l+S5K:NQhDtClal/n1/hzy6xrI3Jlj

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks