General
Target: Mail Access Checker by xRisky v2 [Free version].rar
Size: 172.5MB
Sample: 241205-jsgxhsvqbx
MD5: 14b77edbf19b14feff90fe5546798884
SHA1: eee4918a91c5ed37a88ed7425f5b948da6f4f818
SHA256: 5f1992dd2b43541a02a77bccdb73ab2e47a17b9cd2a13e6a6cd40de2d12e7f20
SHA512: 57d0181b6330e0c0696776dd41e1eba7c713a1d351c8abb41e5259e2b4aae7179af8b543b9b182893cd0f9a8500952a4e32427d70c251f7c75a4c6d41f2fa6b3
SSDEEP: 3145728:MdmoIZ768Uzz+3baQahQQAbDHor/Jp3Jqm8zV/Qlrt33VxI6C8mRHll6P1G6:tZu8UPiPorD3J8Ql13VxiDRHll6n
Behavioral tasks
behavioral1
  Sample: Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Checker.exe
  Resource: win7-20240903-en
behavioral2
  Sample: Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Checker.exe
  Resource: win10v2004-20241007-en
behavioral3
  Sample: Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Checker1.exe
  Resource: win7-20240903-en
behavioral4
  Sample: Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Checker1.exe
  Resource: win10v2004-20241007-en
behavioral5
  Sample: Mail Access Checker by xRisky v2 [Free version]/Mailaccess Checker by xRisky v2.exe
  Resource: win7-20240903-en
behavioral6
  Sample: Mail Access Checker by xRisky v2 [Free version]/Mailaccess Checker by xRisky v2.exe
  Resource: win10v2004-20241007-en
Malware Config

Targets
Target: Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Checker.exe
Size: 6.0MB
MD5: 7b23b16fb9cb368b3b282f96d5067229
SHA1: 0393a31b074ce29a904e97929da620d3a2bc9f89
SHA256: 7e55049a20a923847008b11dd7c0886ab0b88bc9cf612fd4548191453c4fc5c9
SHA512: 57bc40d31995d451c1600de88e5f3c20253e63f248251033d2f92ab9d415c6d648ef4f1025e810ef7f561e7a45be6746de7a78da9a91467329145b6a40f0d8cf
SSDEEP: 98304:r75PmoDUN43WlmljOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6a5tMu:H5PumWMOjmFwDRxtYSHdK34kdai7bN3A
Signatures:
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories
Target: Mail Access Checker by xRisky v2 [Free version]/Data/Modules/Checker1.exe
Size: 67.7MB
MD5: ca4b373ccf1990360ecc5c0b6f0b3b14
SHA1: 8c385c650e51100aa5026f14f1b81d171b9fae4c
SHA256: 7d05137859424894e35840aaf22666de2f5a48cc59ee9c22b6044bf388ab52bf
SHA512: b2987a1b8ddea877ee7da5b47146b8f60387b41dccaaaaa653f12f53d53abfc8fe7fe0d2a51e09e25ee8501b1634a4d0a888c45eb13172fd7c89a8b6fcf282c0
SSDEEP: 1572864:lRWKf5aPpViUdnDIbhoIDt05cLHljPqHq2MbIep/AexKhHRnfYsdW4dU:lRWKfipViUdDIFb9qKZDVx8dU4d
Score: 1/10
Target: Mail Access Checker by xRisky v2 [Free version]/Mailaccess Checker by xRisky v2.exe
Size: 582KB
MD5: 82c493c58ad0ed2255d1500840d1d75c
SHA1: 24b2997983add8d90e896af2dbdc32cf19895389
SHA256: 325a912d9f9f4878cfc13a45a2da2494b4c4080c39d8a40166eb39c6ef3d24a0
SHA512: 68f91fe3693dffdaadf28ad5dd3719cdfddff6e4729f48774ae336aef97908d8bc2c419aff65a7d4cbe24e2b85ea2f311dfec2de1136ed7fd7374d2d3ead8c88
SSDEEP: 6144:oOaTmuaJ0GFRabVg8O1lFrRawLmKx85EJXlkc3rNPWyXJJy1LDR6qwYelXN1C4q1:oOSmvFobVgZtCKZX97NPWyXgteYILQ
Signatures:
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
- Hide Artifacts: Hidden Files and Directories
MITRE ATT&CK Enterprise v15
Defense Evasion
- Hide Artifacts: 2
  - Hidden Files and Directories: 2
- Obfuscated Files or Information: 1
  - Command Obfuscation: 1
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Unsecured Credentials: 3
  - Credentials In Files: 3
Discovery
- Browser Information Discovery: 1
- Process Discovery: 1
- Query Registry: 1
- Remote System Discovery: 1
- System Information Discovery: 4
- System Location Discovery: 1
  - System Language Discovery: 1
- System Network Configuration Discovery: 2
  - Internet Connection Discovery: 1
  - Wi-Fi Discovery: 1