Resubmissions

04-12-2024 04:21

241204-eymbza1qgy 10

04-12-2024 04:20

241204-eya9ps1qfw 10

General

  • Target

    accgen.exe

  • Size

    7.5MB

  • Sample

    241204-eymbza1qgy

  • MD5

    a67d509f43e7644fc0e19982afb5e78b

  • SHA1

    e7793b425aaf522ae16e46d1b1208ff47b795e6c

  • SHA256

    2b48a65306f5b0c5cc4d23e902277c067f3a288892771bc7dffd225882214295

  • SHA512

    2aac62fafb430156b17f69bcca4b3e6f16a05eb42ed895e2ce10e0cd14e114cffb92c6328660460f01c132acc168e345db91a5ecf3856f8b98ca29b08ff7ee22

  • SSDEEP

    196608:afQCwVUurErvI9pWjgN3ZdahF0pbH1AY7WtQsNo/03vC1n:nVUurEUWjqeWx06rYYn

Malware Config

Targets

    • Target

      accgen.exe

    • Size

      7.5MB

    • MD5

      a67d509f43e7644fc0e19982afb5e78b

    • SHA1

      e7793b425aaf522ae16e46d1b1208ff47b795e6c

    • SHA256

      2b48a65306f5b0c5cc4d23e902277c067f3a288892771bc7dffd225882214295

    • SHA512

      2aac62fafb430156b17f69bcca4b3e6f16a05eb42ed895e2ce10e0cd14e114cffb92c6328660460f01c132acc168e345db91a5ecf3856f8b98ca29b08ff7ee22

    • SSDEEP

      196608:afQCwVUurErvI9pWjgN3ZdahF0pbH1AY7WtQsNo/03vC1n:nVUurEUWjqeWx06rYYn

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks