General
-
Target
Built.exe
-
Size
6.0MB
-
Sample
241202-zjyrns1rgz
-
MD5
63aa555954b5035b95004285561a009e
-
SHA1
05d3588f626d31f8ecfc5e103d37cd9abd2804ed
-
SHA256
6b6b13cc060be755b66893b28ba1510c8277761dbd8fb643e8a8a4b167a3c5f8
-
SHA512
db82a6011f090451e5ff70acc9dd7d79f1acc5a6fb4826def8edd4e37bd9da18b6dc6c5a3b878a46d868ff42d6be858bb1cca2cd81e2b0d66febb685d3c05eee
-
SSDEEP
98304:F+EtdFBCm/I5tamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RWOnAKcg/spF:FdFIm/JeN/FJMIDJf0gsAGK4RlnAKcTr
Malware Config
Targets
-
-
Target
Built.exe
-
Size
6.0MB
-
MD5
63aa555954b5035b95004285561a009e
-
SHA1
05d3588f626d31f8ecfc5e103d37cd9abd2804ed
-
SHA256
6b6b13cc060be755b66893b28ba1510c8277761dbd8fb643e8a8a4b167a3c5f8
-
SHA512
db82a6011f090451e5ff70acc9dd7d79f1acc5a6fb4826def8edd4e37bd9da18b6dc6c5a3b878a46d868ff42d6be858bb1cca2cd81e2b0d66febb685d3c05eee
-
SSDEEP
98304:F+EtdFBCm/I5tamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RWOnAKcg/spF:FdFIm/JeN/FJMIDJf0gsAGK4RlnAKcTr
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3