General
-
Target
FateInjector.exe
-
Size
9.7MB
-
Sample
241202-yjvjksvrdj
-
MD5
128591418af8fdc5d39ac51c1fda1e39
-
SHA1
2fb6f80ced079a850efa8389255d57e152d96d4d
-
SHA256
921e4dc1310131f3b0799ed3807dd67c7aa271e8e3c1af2c4d4322a5b6d09b26
-
SHA512
a4d392bb54753a3e3a80124b194b3293d855a52c1c7e182424161193aa2ee563333108403cb576605f96d054c2dfd370fbb35ca8a8bcd8aaf106d41965f6f777
-
SSDEEP
196608:qp0cDHwWIB5rntYcLjv+bhqNVoBKUh8mz4Iv9PeSEqu1D7AW:5iHo39L+9qz8/b4IpxuRAW
Behavioral task
behavioral1
Sample
FateInjector.exe
Resource
win10ltsc2021-20241023-en
Behavioral task
behavioral2
Sample
��^����.pyc
Resource
win10ltsc2021-20241023-en
Malware Config
Targets
-
-
Target
FateInjector.exe
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
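The signatures listed for FateInjector.exe above (process enumeration with tasklist, external IP lookup via a web service, hidden-file attributes, obfuscated commands, clipboard collection) are the kind of behaviour that is easier to catch from process-creation telemetry than from hashes. The script below is an added example, not output of the sandbox or code from the sample: it runs a few command-line detectors over constructed Windows process-creation events and groups the hits by the parent process that spawned them. The event lines, the list of IP-lookup hosts and the encoded PowerShell command are assumptions made for the example; the report itself names no lookup service and no command lines.

```python
"""Added example: triage constructed process-creation events for the
behaviours the sandbox report flags. Nothing here is sandbox output."""
import base64
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Assumed IP-lookup endpoints. The report only says "a legitimate IP lookup
# service"; these hosts are an assumption for the example, not from the report.
IP_LOOKUP_HOSTS = ("api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com")

# PowerShell -EncodedCommand takes base64 of UTF-16LE text. Build one that reads
# the clipboard so the sample contains an obfuscated clipboard-collection command.
ENCODED_PS = base64.b64encode("Get-Clipboard".encode("utf-16le")).decode()

# Constructed process-creation events (not sandbox output), one per line:
# "<ppid>-><pid> <image path> | <command line>".
SAMPLE_EVENTS = f"""\
1234->4100 C:\\Users\\u\\Downloads\\FateInjector.exe | FateInjector.exe
4100->4188 C:\\Windows\\System32\\cmd.exe | cmd.exe /c tasklist /v
4100->4201 C:\\Windows\\System32\\curl.exe | curl.exe https://api.ipify.org
4100->4230 C:\\Windows\\System32\\attrib.exe | attrib +h +s C:\\Users\\u\\AppData\\Local\\Temp\\x.dll
4100->4260 C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe | powershell -NoP -W Hidden -EncodedCommand {ENCODED_PS}
9000->9001 C:\\Windows\\explorer.exe | explorer.exe
"""

Event = Tuple[int, int, str, str]  # (ppid, pid, image, command line)


def parse_events(text: str) -> List[Event]:
    """Parse the constructed event format into (ppid, pid, image, cmdline) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        proc, cmd = line.split(" | ", 1)
        ids, image = proc.split(" ", 1)
        ppid, pid = ids.split("->")
        events.append((int(ppid), int(pid), image, cmd))
    return events


def decode_powershell(cmd: str) -> str:
    """Decode a -EncodedCommand argument (base64 of UTF-16LE) so that obfuscated
    PowerShell can be matched on its plaintext. Returns "" if none is present."""
    m = re.search(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", cmd, re.I)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return ""


def classify(cmd: str) -> List[str]:
    """Return the behaviour labels that a single command line triggers."""
    hits = []
    low = cmd.lower()
    if re.search(r"\btasklist(\.exe)?\b", low):
        hits.append("process enumeration via tasklist")
    if any(host in low for host in IP_LOOKUP_HOSTS):
        hits.append("external IP lookup via web service")
    if re.search(r"\battrib(\.exe)?\b.*\+h", low):
        hits.append("hidden file attribute set")
    decoded = decode_powershell(cmd)
    if decoded:
        hits.append("encoded PowerShell command")
        if "get-clipboard" in decoded.lower():
            hits.append("clipboard read")
    return hits


def triage(text: str) -> Dict[int, List[str]]:
    """Group behaviour hits by the parent PID, so that one dropper spawning
    several helper processes shows up as a single cluster."""
    by_parent: Dict[int, List[str]] = defaultdict(list)
    for ppid, pid, _image, cmd in parse_events(text):
        for hit in classify(cmd):
            by_parent[ppid].append(f"pid {pid}: {hit}")
    return dict(by_parent)


if __name__ == "__main__":
    for parent, hits in triage(SAMPLE_EVENTS).items():
        print(f"parent pid {parent}:")
        for hit in hits:
            print("  " + hit)
```

Grouping by parent is the point: each of the child command lines is individually common on a workstation, but all of them under one freshly downloaded executable within a short window is the pattern the report describes. The lookup-host list and the attrib/tasklist regexes are deliberately narrow and should be extended from your own telemetry rather than treated as complete.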
Target
��^����.pyc
-
Size
1KB
-
MD5
07280c53c0b82b90d2a0769b5b507ae6
-
SHA1
74a5a1b37b20b5226db7b56eaade29024e94f70a
-
SHA256
82bb79c4d7777b72ba36a61e492f8f688d868e2e22c10d162dced67dc0a834a1
-
SHA512
7284ddd40b0df666a85e510800ff788dde606177f7e46eefad27ce694313cf348e7b95dd7775a81a4871b732c5bf0efb125aafd3308a61b0a723e77bfef1e8ab
Score 1/10
MITRE ATT&CK Enterprise v15
Tactic / Technique (count)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Impair Defenses (1)
  Obfuscated Files or Information (1)
    Command Obfuscation (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (3)
    Credentials In Files (3)