metastealer | 6cf8bfba1b221effcb1eccec0c91fb0906d0b8996932167f654680cb3ac53aac | Triage

Resubmissions

05-12-2024 14:59

241205-scvywayrgz 10

17-12-2023 23:15

231217-28y5vagccl 10

27-10-2023 11:50

231027-nzmhssfg49 10

14-10-2023 04:05

231014-enwgwshf97 10

Sharing

General

Target

6cf8bfba1b221effcb1eccec0c91fb0906d0b8996932167f654680cb3ac53aac
Size

12.1MB
Sample

241205-scvywayrgz
MD5

d771632ff34c40d105363d7035f3cf4b
SHA1

af2ff96d8f81b3e3df2756ac27c9d23f35432435
SHA256

6cf8bfba1b221effcb1eccec0c91fb0906d0b8996932167f654680cb3ac53aac
SHA512

fe954ed4e752f50b5aae5de36bb760610044acc3d19056b24b9a4ec6937d5c5c60f3ebd4d61b86c22af01599f2dc13e159714260c7d32877753b0e600e82a300
SSDEEP

196608:keOD8HOauP9k8YOOBQMfhXx/LVjuMP/2sP:Vw8CP8OOBZLLVaK/2s

Score

10^/10

metastealer discovery execution

Malware Config

Extracted

Family

metastealer

C2

mmswgeewswyyywqk.xyz

wgcuwcgociewewoo.xyz

ockimqekmwecocug.xyz

cewgwsyookogmmki.xyz

kiqewcsyeyaeusag.xyz

csyeywqwyikqaiim.xyz

iqaeaoeueeqouweo.xyz

iqwgwsigmigiqgoa.xyz

cskayciweqgewgau.xyz

iekwwguycqyeiuky.xyz

myikkkwougygggom.xyz

occwacaeasuqecyk.xyz

kiuosesmscwqiysk.xyz

gaawyoqyocmwqmkc.xyz

ywsogsasmecsemsy.xyz

iqwakukceyykqiqa.xyz

quaesiwicwikwuks.xyz

gaagqeqgeskseuky.xyz

skiakiqkaqosmaey.xyz

myiycmamacemygum.xyz

Attributes

dga_seed
4660
domain_length
16
num_dga_domains
10000
port
1775

Targets

- Target
  
  6cf8bfba1b221effcb1eccec0c91fb0906d0b8996932167f654680cb3ac53aac
- Size
  
  12.1MB
- MD5
  
  d771632ff34c40d105363d7035f3cf4b
- SHA1
  
  af2ff96d8f81b3e3df2756ac27c9d23f35432435
- SHA256
  
  6cf8bfba1b221effcb1eccec0c91fb0906d0b8996932167f654680cb3ac53aac
- SHA512
  
  fe954ed4e752f50b5aae5de36bb760610044acc3d19056b24b9a4ec6937d5c5c60f3ebd4d61b86c22af01599f2dc13e159714260c7d32877753b0e600e82a300
- SSDEEP
  
  196608:keOD8HOauP9k8YOOBQMfhXx/LVjuMP/2sP:Vw8CP8OOBZLLVaK/2s
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution