General
-
Target
Mega.exe
-
Size
6.7MB
-
Sample
241205-yhbebavram
-
MD5
14826a6b533513981a9e6b505a136b92
-
SHA1
9da30246305efd92e0b44e3495130bc6864073d8
-
SHA256
7075171e943b2313cd1f49f6366b9ca26d514cf65af34f064fd430976f6c038a
-
SHA512
4dc94ea531f16043b654092fb5b1138d716ee2657ade14924a4c0392fe0debe2bc24ebdfbc9bead37d717b7492b3d0eacbcb12633f9ce83e070d2f3c004ed3af
-
SSDEEP
196608:7xFyoeN/FJMIDJf0gsAGK5SEQRSkD3xTS:O/Fqyf0gsfNSkbxO
Malware Config
Targets
-
-
Target
Mega.exe
-
Size
6.7MB
-
MD5
14826a6b533513981a9e6b505a136b92
-
SHA1
9da30246305efd92e0b44e3495130bc6864073d8
-
SHA256
7075171e943b2313cd1f49f6366b9ca26d514cf65af34f064fd430976f6c038a
-
SHA512
4dc94ea531f16043b654092fb5b1138d716ee2657ade14924a4c0392fe0debe2bc24ebdfbc9bead37d717b7492b3d0eacbcb12633f9ce83e070d2f3c004ed3af
-
SSDEEP
196608:7xFyoeN/FJMIDJf0gsAGK5SEQRSkD3xTS:O/Fqyf0gsfNSkbxO
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3