Resubmissions

01-12-2024 19:44

241201-yfswkszlgt 10

General

  • Target

    tmp_1733001826946.exe

  • Size

    18.6MB

  • Sample

    241201-yfswkszlgt

  • MD5

    c90ad52a182d82fb3445d97032bff657

  • SHA1

    6101963a2cc04a41e3f78fc980a37007210be2ea

  • SHA256

    f6004955ec62b547b4d3c6ef6c7fe522624693573f7ade107d613e031f8f1e35

  • SHA512

    6463573077d589ba81f5e1610b780460fddd94dff6a20e8e5190fdb92c466c9614a0b23d5160826dfc34ec59a427c9dc3a1df5625bc33a3caa90f7cf1dc70922

  • SSDEEP

    393216:eqPnLFXlryQMDOETgs77fGn4bgHYbvvEE90anNQ6q:TPLFXNyQRE7JAYAMny

Malware Config

Targets

    • Target

      tmp_1733001826946.exe

    • Size

      18.6MB

    • MD5

      c90ad52a182d82fb3445d97032bff657

    • SHA1

      6101963a2cc04a41e3f78fc980a37007210be2ea

    • SHA256

      f6004955ec62b547b4d3c6ef6c7fe522624693573f7ade107d613e031f8f1e35

    • SHA512

      6463573077d589ba81f5e1610b780460fddd94dff6a20e8e5190fdb92c466c9614a0b23d5160826dfc34ec59a427c9dc3a1df5625bc33a3caa90f7cf1dc70922

    • SSDEEP

      393216:eqPnLFXlryQMDOETgs77fGn4bgHYbvvEE90anNQ6q:TPLFXNyQRE7JAYAMny

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks