General
-
Target
Epic Checker.rar
-
Size
7.9MB
-
Sample
241129-qyx91sykat
-
MD5
8cdee71270279e291b2f657ea3f67884
-
SHA1
438990fddee677933295be58b95db110ada53128
-
SHA256
eee4cedb41e61dbfd4c6b7838b57661a2fffdda006a1bc957d23d703ec316901
-
SHA512
20cb93ec4684c6bde50232cd5759d33558bd6ad4c4fb4258729573af114dce183fd877e22c5900fb323697017d798e80a940db3d35dcc839485ab7c060b8f407
-
SSDEEP
196608:8s0FablHYct8o9lXK1TbYIZMKwba7rV1l4Trzs:JKablsojGf3MKwbavlczs
Malware Config
Targets
-
-
Target
spoofer/EpicChecker.py
-
Size
343KB
-
MD5
77610a0efc73f8bc23701e7eb562774d
-
SHA1
f43271a587514c72fc2c1c6413b85baf7dc2ec3b
-
SHA256
3986eba75cdda51b6a24958f7958c5d66119ae8423af870999a51e1af38c6056
-
SHA512
267a1d800127e73952201cfade533307378df9456242cdb126a74be9bf0379926ac7101ea0a1eb3619623a4416457ec0d2cfa055a8c36ac4582570aa653dc13c
-
SSDEEP
3072:sUpKK0dh84Ds0dh8z70kp9/ZE97aV39IcZ:FpKK0dh84w0dh8zYkzb
Score3/10 -
-
-
Target
spoofer/crack.dll
-
Size
2.3MB
-
MD5
a99ecd8ec643dc9db372736fd6fd8eb5
-
SHA1
91e8270faf4666ca60d9b41ece1dd3f25c0fd8fd
-
SHA256
6fa983aab41fbe45a79236330245c49fbb318b75efb4bc6b78fa551d29ace518
-
SHA512
a8cd99023e6db3352a96ac7179acc5ae9e09e186f1a9ff55672fdac520821ef51cc48a7ac821b862966959ab174b49f17057744491656b9832b6dda61fd157bd
-
SSDEEP
49152:IK+yy5eom+KbDbF7BBLz1iYCY6nWefdmjLdGGf:Zom+Kbtz1iYCY6HfdmjLdGGf
Score1/10 -
-
-
Target
spoofer/mapper.exe
-
Size
7.5MB
-
MD5
4f8ee6ff1ed295b4227a8e9e536c9a48
-
SHA1
204116eef3f0d564240d4082d5dea7c89d98495e
-
SHA256
e29649ae22328d57f3f6ec42d10bdf496b3d62351e6c90ab070f9bd966e22cfc
-
SHA512
441941116f6c815dbed18639a519aae55d494b199625c22e668a54e1583fe14181fb464047e951391efc4b6740eb25a59040f13c13cc7fcc5d833400cb2d69ae
-
SSDEEP
196608:9hgFO2gDwfI9jUC2gYBYv3vbW5+iITm1U6fE:8FO2gwIH2gYBgDW4TOzc
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3