General

  • Target

    SnoserP2.exe

  • Size

    8.2MB

  • Sample

    241201-szzwcavmdz

  • MD5

    5f6e4a52683aa6c7187e0ef0b6229624

  • SHA1

    fa873530d46f6c52336d389226f6fb354a3ce009

  • SHA256

    fc8d444f21d4438f7fc22c632adeb2f22ccfef5b9292b9b4997b969f9eef8685

  • SHA512

    964e24bb00b412ea7002b2189b478697189e410eb78e12c6b5c059cc80bdcaf11d2dc1850839bb44dec4e266b4ca45830f167f32b694a03d81fa160412a3e97e

  • SSDEEP

    196608:3vQXwuLtrurErvI9pWjgN3ZdahF0pbH1AYSEp7CtQsNI/Sx3C1Z:1GurEUWjqeWxQR6nAYZ

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks