General
-
Target
main.exe
-
Size
24.2MB
-
Sample
241204-265vlswmay
-
MD5
d4deba339c060fb46ed3d55c5c448f25
-
SHA1
ead1d646b0150cc3872eab8d53edbcecbdd7e672
-
SHA256
846a19243d1b39b9c356ec9477878fba8647aa00f3800533ea07e3ceab48d793
-
SHA512
cd9d161d6560ffac89c809d84e0d399dcbe3392db0298f286f05a0e0c33a1f2ee9e63c49720de32df4de634b27e4d6a4dbbf9c836c8c6b8da4950f561e20f412
-
SSDEEP
393216:cqPnLFXlrrMYoDQTiDOETgsvcG0VgOtg4HpMpD8aCmmdA7mPrs:NPLFXNrNoDQTTE0BtgftTR7b
Behavioral task
behavioral1
Sample
main.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
main.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
main.exe
-
Size
24.2MB
-
MD5
d4deba339c060fb46ed3d55c5c448f25
-
SHA1
ead1d646b0150cc3872eab8d53edbcecbdd7e672
-
SHA256
846a19243d1b39b9c356ec9477878fba8647aa00f3800533ea07e3ceab48d793
-
SHA512
cd9d161d6560ffac89c809d84e0d399dcbe3392db0298f286f05a0e0c33a1f2ee9e63c49720de32df4de634b27e4d6a4dbbf9c836c8c6b8da4950f561e20f412
-
SSDEEP
393216:cqPnLFXlrrMYoDQTiDOETgsvcG0VgOtg4HpMpD8aCmmdA7mPrs:NPLFXNrNoDQTTE0BtgftTR7b
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1