General
Target: ReShade_Setup_4.9.11.rar
Size: 10.2MB
Sample: 241208-l2cehazpcx
MD5: 65e3a2b811ad06fe7d5fd0f290d2fae1
SHA1: 87081025b00444fb3865ea6a44aa94aa5faaea22
SHA256: 838a488cc509b378c5e54aab4aabe1fd514af302457515d5dd4f7650fb499bfd
SHA512: bdbb7ee701126810f69297cfa1f4ecbd8166baeaa2623bee66593c158b63b1a5d0765fc59bc6ba99ef3d9de3308b6f40747595d71d81a1406714f40c179adcc2
SSDEEP: 196608:MknedwolpoLTDg3a/2Ocy+LNnQYlgVTmsLKDUMtCcFxVwL9yDJAwi/bQ2HW3YJEV:te6olpQB/2OcdxnQYxwk0EXi/jHW3lzJ
Behavioral task
behavioral1
Sample: ReShade_Setup_4.9.1.exe
Resource: win11-20241007-en
Malware Config
Targets
Target: ReShade_Setup_4.9.1.exe
Size: 10.3MB
MD5: 2d25364bd8bb0fd0d34eafc99d676148
SHA1: 0527f833d99e6e2b34802fd49e80c6fd8d7d48cd
SHA256: 64d2e3930d0b69bb01206db86acadad30216ec7e2b4db34e92a67caeee334750
SHA512: 2a37dbea8aff5dfa75c35147d80fc38b1c580ea8e1f232c675d1f6b5c03bc9b683fe0a6fe8a24eabdf6efcefc1d65a32eaa35c996d919044c7947b911d22f34c
SSDEEP: 196608:rjgVVEgEo+ZPB5InbwfI9jUC2gYBYv3vbW2+iITx1U6ns:oVVE7PBFIH2gYBgDWJTnzs
Signatures
Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Executes dropped EXE
Loads dropped DLL
Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
Enumerates processes with tasklist
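Several of the behaviours in the signature list above (Defender exclusions added from PowerShell, obfuscated/encoded commands, process enumeration with tasklist, external IP lookups, wallet file access) are visible in ordinary process-creation telemetry. The following is an added example and not the sandbox's own detection logic: it runs a small set of assumed rules over constructed Sysmon-style process-creation events (image path plus command line), decoding a PowerShell -EncodedCommand payload before matching so that the exclusion command hidden inside it is still caught. The regexes, the IP-lookup host list, the wallet path markers and the sample events are all assumptions made for this illustration.

```python
# Added example: rule-based detection of the behaviours in the signature list
# above, run over constructed Sysmon-style process-creation events. This is
# not the sandbox's detection logic; rules, host lists, wallet markers and the
# sample events are assumptions made for this illustration.
import base64
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ProcessEvent:
    image: str          # full path of the created process (Sysmon "Image")
    command_line: str   # its command line (Sysmon "CommandLine")


POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")

# Add-MpPreference with any of the three exclusion kinds the report names.
DEFENDER_EXCLUSION = re.compile(
    r"Add-MpPreference\b.*-Exclusion(?:Path|Extension|Process)\b", re.IGNORECASE)

# Common spellings of -EncodedCommand. PowerShell accepts any unambiguous
# prefix, so a production rule should be broader (assumption: these four).
ENCODED_FLAG = re.compile(
    r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Legitimate external-IP lookup services (assumed list for the example).
IP_LOOKUP_HOSTS = ("api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com", "ip-api.com")

# Lower-cased path fragments typical of wallet storage (assumed list).
WALLET_MARKERS = ("wallet.dat", "\\exodus\\", "\\electrum\\wallets",
                  "\\ethereum\\keystore")


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the plaintext script of a -EncodedCommand argument, or None.

    PowerShell encodes the script as base64 over UTF-16LE, so both decoding
    steps must succeed for the argument to count as an encoded command.
    """
    match = ENCODED_FLAG.search(command_line)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def match_rules(event: ProcessEvent) -> List[str]:
    """Return the names of the rules that fire on one process-creation event."""
    hits: List[str] = []
    exe = event.image.rsplit("\\", 1)[-1].lower()
    text = event.command_line

    if exe in POWERSHELL_IMAGES:
        decoded = decode_encoded_command(text)
        if decoded is not None:
            hits.append("obfuscated_command")
            text = text + "\n" + decoded   # match on the decoded script too

    if exe in POWERSHELL_IMAGES and DEFENDER_EXCLUSION.search(text):
        hits.append("defender_exclusion")
    if exe == "tasklist.exe":
        hits.append("process_enumeration")

    lowered = text.lower()
    if any(host in lowered for host in IP_LOOKUP_HOSTS):
        hits.append("external_ip_lookup")
    if any(marker in lowered for marker in WALLET_MARKERS):
        hits.append("wallet_access")
    return hits


def scan(events: List[ProcessEvent]) -> List[tuple]:
    """Run every rule over every event; returns (event index, rule name) pairs."""
    return [(i, rule) for i, ev in enumerate(events) for rule in match_rules(ev)]


# Constructed sample telemetry (not taken from the sandbox run above). The
# first event carries the exclusion script base64/UTF-16LE-encoded, exactly
# as an -EncodedCommand argument would.
EXCLUSION_SCRIPT = ("Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
                    "-ExclusionExtension '.exe' "
                    "-ExclusionProcess 'ReShade_Setup_4.9.1.exe'")
ENCODED_SCRIPT = base64.b64encode(EXCLUSION_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    ProcessEvent("C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 "powershell.exe -NoProfile -w hidden -enc " + ENCODED_SCRIPT),
    ProcessEvent("C:\\Windows\\System32\\tasklist.exe", "tasklist /v"),
    ProcessEvent("C:\\Windows\\System32\\curl.exe", "curl.exe https://api.ipify.org"),
    ProcessEvent("C:\\Windows\\System32\\cmd.exe",
                 "cmd.exe /c type \"C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco\""),
    ProcessEvent("C:\\Windows\\System32\\notepad.exe", "notepad.exe readme.txt"),  # benign
]

if __name__ == "__main__":
    for index, rule in scan(SAMPLE_EVENTS):
        print(f"event {index}: {rule}  <- {SAMPLE_EVENTS[index].command_line[:60]}")
```

The decoding step matters more than the rule patterns: a Defender exclusion rule that only inspects the raw command line never sees `Add-MpPreference` when the script arrives base64-encoded, which is exactly the combination of the "PowerShell" and "Command Obfuscation" signatures above. The benign notepad event shows the rules stay quiet on ordinary activity.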
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (T1555): 1
  Credentials from Web Browsers (T1555.003): 1
Unsecured Credentials (T1552): 3
  Credentials In Files (T1552.001): 3