General

  • Target

    PvtHooks.rar

  • Size

    7.3MB

  • Sample

    241130-gyy2wawpcv

  • MD5

    f2f2bc99451966cbe5d3eac82d04c192

  • SHA1

    91ecfd21be0f9df10ace16606a8e83063d20aece

  • SHA256

    899517a9868cd13a0598c60129bc8050a0d5afc6259c9108a59c8a7f26a1e2ed

  • SHA512

    39dfd96ceb1fb11745ed51b6ee0085a4dd94a563490e5ee4b313838615c373de282b75247eefcfaf1d514d5bcf3336783832046e216ed8adf69cfadde4bb63a5

  • SSDEEP

    196608:EXHOAPIky5foxxnbmG5B5oMzdt5CmfdTyb/XE:EXOAxJ3nCqhzZfd+r0

Malware Config

Targets

    • Target

      Pvt Hooks/ascendhookopus.dll

    • Size

      4.8MB

    • MD5

      8649ae5a732bc808f228677b27a1e9b6

    • SHA1

      95775c451ed9604d9753465d8cc4d52ca1cb58a4

    • SHA256

      b39781589c4403fb82174c9647a010464cff38bad976547d339899b00053a545

    • SHA512

      9b6e678f35f776c7a14b35998c4a5682c26de1cc59347c55f3744d216a9ba038d077317fe5a80d6de1903f9788f7ab58c04535213b43777b0003b857800d4525

    • SSDEEP

      3::

    • Score

      1/10

    • Target

      Pvt Hooks/injector.exe

    • Size

      7.5MB

    • MD5

      5ac349d31df2f8659f3cbafb6c364d63

    • SHA1

      6b897500c22044917fae28b0bfacdf06fb2c9a81

    • SHA256

      38fe07cf164f35010e97497f66a0435b77b625e69a4c211c8c3b111c4afedf5a

    • SHA512

      dea18006743d2e2abfd647f43d24e263aa3725eed1e61b53610fa4f85b7882aced03122dfb7c002e78930772a264befe03568404b62ca50cf290f4734bcf7bb2

    • SSDEEP

      196608:eNxHcLjv+bhqNVoBLD7fEXEoYbiIv9pvvk9fIiZ1ju:GsL+9qz8LD7fEUbiIqQgpu

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks