General

  • Target

    Epic Checker.rar

  • Size

    7.9MB

  • Sample

    241129-qyx91sykat

  • MD5

    8cdee71270279e291b2f657ea3f67884

  • SHA1

    438990fddee677933295be58b95db110ada53128

  • SHA256

    eee4cedb41e61dbfd4c6b7838b57661a2fffdda006a1bc957d23d703ec316901

  • SHA512

    20cb93ec4684c6bde50232cd5759d33558bd6ad4c4fb4258729573af114dce183fd877e22c5900fb323697017d798e80a940db3d35dcc839485ab7c060b8f407

  • SSDEEP

    196608:8s0FablHYct8o9lXK1TbYIZMKwba7rV1l4Trzs:JKablsojGf3MKwbavlczs

Malware Config

Targets

    • Target

      spoofer/EpicChecker.py

    • Size

      343KB

    • MD5

      77610a0efc73f8bc23701e7eb562774d

    • SHA1

      f43271a587514c72fc2c1c6413b85baf7dc2ec3b

    • SHA256

      3986eba75cdda51b6a24958f7958c5d66119ae8423af870999a51e1af38c6056

    • SHA512

      267a1d800127e73952201cfade533307378df9456242cdb126a74be9bf0379926ac7101ea0a1eb3619623a4416457ec0d2cfa055a8c36ac4582570aa653dc13c

    • SSDEEP

      3072:sUpKK0dh84Ds0dh8z70kp9/ZE97aV39IcZ:FpKK0dh84w0dh8zYkzb

    Score
    3/10
    • Target

      spoofer/crack.dll

    • Size

      2.3MB

    • MD5

      a99ecd8ec643dc9db372736fd6fd8eb5

    • SHA1

      91e8270faf4666ca60d9b41ece1dd3f25c0fd8fd

    • SHA256

      6fa983aab41fbe45a79236330245c49fbb318b75efb4bc6b78fa551d29ace518

    • SHA512

      a8cd99023e6db3352a96ac7179acc5ae9e09e186f1a9ff55672fdac520821ef51cc48a7ac821b862966959ab174b49f17057744491656b9832b6dda61fd157bd

    • SSDEEP

      49152:IK+yy5eom+KbDbF7BBLz1iYCY6nWefdmjLdGGf:Zom+Kbtz1iYCY6HfdmjLdGGf

    Score
    1/10
    • Target

      spoofer/mapper.exe

    • Size

      7.5MB

    • MD5

      4f8ee6ff1ed295b4227a8e9e536c9a48

    • SHA1

      204116eef3f0d564240d4082d5dea7c89d98495e

    • SHA256

      e29649ae22328d57f3f6ec42d10bdf496b3d62351e6c90ab070f9bd966e22cfc

    • SHA512

      441941116f6c815dbed18639a519aae55d494b199625c22e668a54e1583fe14181fb464047e951391efc4b6740eb25a59040f13c13cc7fcc5d833400cb2d69ae

    • SSDEEP

      196608:9hgFO2gDwfI9jUC2gYBYv3vbW5+iITm1U6fE:8FO2gwIH2gYBgDW4TOzc

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks
