General

  • Target

    mer.exe

  • Size

    7.6MB

  • Sample

    241212-wef5aatnfp

  • MD5

    11d404d0d88ee6f183024574f3bc8818

  • SHA1

    78f6d24c4868e4d02c3f5cd684df75fabb23b7ee

  • SHA256

    d1c215225e99efdb97cce8c37f3d48eaec05dadd3e45ef7d7d9ac68ebd4ed5d5

  • SHA512

    83dc4abd4b14809fb628df5f0b2a7f6a9fa40eaf6e3e3b5aaf362021824085533903efc509c641c711fd96265011fe3f297aa7126d0c01172d238e0c942ce4e1

  • SSDEEP

    196608:BiHYTCwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jn:zBIHziK1piXLGVE4Ue0VJj

Malware Config

Targets

    • Target

      mer.exe

    • Size

      7.6MB

    • MD5

      11d404d0d88ee6f183024574f3bc8818

    • SHA1

      78f6d24c4868e4d02c3f5cd684df75fabb23b7ee

    • SHA256

      d1c215225e99efdb97cce8c37f3d48eaec05dadd3e45ef7d7d9ac68ebd4ed5d5

    • SHA512

      83dc4abd4b14809fb628df5f0b2a7f6a9fa40eaf6e3e3b5aaf362021824085533903efc509c641c711fd96265011fe3f297aa7126d0c01172d238e0c942ce4e1

    • SSDEEP

      196608:BiHYTCwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jn:zBIHziK1piXLGVE4Ue0VJj

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks