General

  • Target: Custom-Rust.exe
  • Size: 8.1MB
  • Sample: 241130-fml3hatmbz
  • MD5: 31ae3b0534364fe6e1fb45864d96615d
  • SHA1: 92ab7d91b0356b4b04a08ad47f516ec8b988624a
  • SHA256: 2ab8c47033a3ecba0a53d521722d730a8701932eeb94dd1886de519a49eb1975
  • SHA512: 00db0afb795c21575339af9444cc674d59b064e385f064360ec1348d1078b48169a29afb003fbe35cc1b5248da305b46a5fe20bbecf2f5d6a3c2380fddf6b7ef
  • SSDEEP: 196608:ZO0cDoLjv+bhqNVoBKUh8mz4Iv9PeSEzv1DVn:JiIL+9qz8/b4IpEv3n

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses a powershell.exe command.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15