General

  • Target

    spoofer.exe

  • Size

    6.9MB

  • Sample

    241213-19zmbszmgs

  • MD5

    1bacb2e6ffc8fae25e783746b468de7c

  • SHA1

    569baa380e871a0364b9caab0520662916b0370b

  • SHA256

    a4c5665030b1c69b89131e842bf413a402a85c4096a046e219eb0fb51951fe28

  • SHA512

    9018de863a71880071d90b9fec0da73642480a385309fc2e7643317b0d684d1690fe6bb73685fbee578c704b26efdfface49890628697e30bc1232b47dff0931

  • SSDEEP

    98304:MeDjWM8JEE1FEnamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFV:Me0aKeNTfm/pf+xk4dWRpmrbW3jmrt

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks