General

  • Target

    oblivion.exe

  • Size

    7.6MB

  • Sample

    241205-c1rncstphs

  • MD5

    0b88159c3ae3bf681b2cabe3ca2b39c1

  • SHA1

    2c2b8234ae42018ed537cae8863da967e7cd5fa6

  • SHA256

    23ae3b7beb053408aa447ef2dd67b613227849447bf2cd52e19e29ad9b0ab204

  • SHA512

    64143d2a97a8ba247f6620e2a717c4e0df297902ace71b944376140d88030b4f4698ce93b24e4a3587470cb304878804a4a4e6cf404502c7f7d044b04b0dc5c1

  • SSDEEP

    196608:N2D+kdjFwfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeWO:w5hqIHL7HmBYXrYSaUNo

Malware Config

Targets

    • Target

      oblivion.exe

    • Size

      7.6MB

    • MD5

      0b88159c3ae3bf681b2cabe3ca2b39c1

    • SHA1

      2c2b8234ae42018ed537cae8863da967e7cd5fa6

    • SHA256

      23ae3b7beb053408aa447ef2dd67b613227849447bf2cd52e19e29ad9b0ab204

    • SHA512

      64143d2a97a8ba247f6620e2a717c4e0df297902ace71b944376140d88030b4f4698ce93b24e4a3587470cb304878804a4a4e6cf404502c7f7d044b04b0dc5c1

    • SSDEEP

      196608:N2D+kdjFwfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeWO:w5hqIHL7HmBYXrYSaUNo

    • Command and Scripting Interpreter: PowerShell

      Runs commands through powershell.exe.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials and other stored user data.

    • Unsecured Credentials: Credentials In Files

      Reads credentials stored in unprotected files on disk.

    • Accesses cryptocurrency wallet files, consistent with credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
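Three of the signatures above (Executes dropped EXE, Command and Scripting Interpreter: PowerShell, Enumerates processes with tasklist) are visible in ordinary process-creation telemetry and are more convincing together than alone. The script below is an added detection example, not part of the report or the sandbox's own rules: it tags each process-creation event, groups findings by the process that caused them, and alerts only when one process stacks several of the behaviours. The staging directories in `DROP_DIRS` are an assumption about where droppers usually write, and the events in `SAMPLE_EVENTS` are constructed (PIDs, paths and command lines are illustrative, not taken from the sandbox run).

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (fields both Sysmon Event ID 1 and Security 4688 carry)."""
    pid: int
    parent_pid: int
    image: str          # full path of the new process
    parent_image: str   # full path of the process that created it
    cmdline: str


# Assumption: user-writable directories a dropper typically stages its payload in.
DROP_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
RECON_TOOLS = {"tasklist.exe"}


def basename(path: str) -> str:
    """Last path component, lower-cased; uses backslash splitting so it works on non-Windows hosts."""
    return path.lower().rsplit("\\", 1)[-1]


def is_dropped_path(path: str) -> bool:
    """An .exe running from a staging directory is the 'executes dropped EXE' signal."""
    p = path.lower()
    return p.endswith(".exe") and any(d in p for d in DROP_DIRS)


def findings_by_process(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Attribute each behaviour to the process responsible: the dropped exe itself for
    its own execution, and the parent for the children it spawns."""
    found: Dict[int, Set[str]] = defaultdict(set)
    for ev in events:
        if is_dropped_path(ev.image):
            found[ev.pid].add("executes-dropped-exe")
        if is_dropped_path(ev.parent_image):
            child = basename(ev.image)
            if child in SCRIPT_HOSTS:
                found[ev.parent_pid].add("powershell-from-dropped-exe")
            if child in RECON_TOOLS:
                found[ev.parent_pid].add("tasklist-from-dropped-exe")
    return {pid: sorted(tags) for pid, tags in found.items()}


def alerts(events: List[ProcEvent], min_distinct: int = 2) -> Dict[int, List[str]]:
    """Alert only on processes that stack at least two distinct behaviours;
    a lone powershell.exe or tasklist.exe launched from explorer is routine admin noise."""
    return {pid: tags for pid, tags in findings_by_process(events).items()
            if len(tags) >= min_distinct}


# Constructed sample telemetry: one dropped-exe chain plus two benign look-alikes.
SAMPLE_EVENTS = [
    ProcEvent(4100, 1200, r"C:\Users\alice\AppData\Local\Temp\oblivion.exe",
              r"C:\Windows\explorer.exe", "oblivion.exe"),
    ProcEvent(4120, 4100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Users\alice\AppData\Local\Temp\oblivion.exe",
              "powershell.exe -NoProfile -WindowStyle Hidden"),
    ProcEvent(4130, 4100, r"C:\Windows\System32\tasklist.exe",
              r"C:\Users\alice\AppData\Local\Temp\oblivion.exe", "tasklist.exe /v"),
    ProcEvent(5000, 1200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\explorer.exe", "powershell.exe"),
    ProcEvent(5100, 1300, r"C:\Windows\System32\tasklist.exe",
              r"C:\Windows\System32\cmd.exe", "tasklist"),
]


if __name__ == "__main__":
    for pid, tags in alerts(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid}: {', '.join(tags)}")
```

Grouping by the responsible process rather than by event is the point: the same signatures fire individually on admin workstations all day, but one process that is executed from a staging directory and then spawns both powershell.exe and tasklist.exe is a chain worth a ticket. The browser-data, wallet and external-IP signatures on the report need file-access or DNS telemetry and are left out here rather than guessed at.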

MITRE ATT&CK Enterprise v15

Tasks