General

  • Target

    newuimatrix.exe

  • Size

    7.6MB

  • Sample

    241213-qpqhtazlcv

  • MD5

    5662a4ff2a06eaf7ecafdc183562483f

  • SHA1

    f2ab9c6ad54c63fb3996d49b053e2aa56cc44100

  • SHA256

    2a145b2d1df96b70a7514973519d96b16cc09f22bc31010bd75d242b024c9bf2

  • SHA512

    c3c74f07cfb77b87e9d4a384f81f27765d541468aaea289e741f851d2c4f2005f81217cf3e68fba3a4cce9e199b7eaaad70b627e290d674ba9a413d608be280d

  • SSDEEP

    196608:q9HYuwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jc:NIHziK1piXLGVE4Ue0VJY

Malware Config

Targets

    • Target

      newuimatrix.exe

    • Size

      7.6MB

    • MD5

      5662a4ff2a06eaf7ecafdc183562483f

    • SHA1

      f2ab9c6ad54c63fb3996d49b053e2aa56cc44100

    • SHA256

      2a145b2d1df96b70a7514973519d96b16cc09f22bc31010bd75d242b024c9bf2

    • SHA512

      c3c74f07cfb77b87e9d4a384f81f27765d541468aaea289e741f851d2c4f2005f81217cf3e68fba3a4cce9e199b7eaaad70b627e290d674ba9a413d608be280d

    • SSDEEP

      196608:q9HYuwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jc:NIHziK1piXLGVE4Ue0VJY

    • Deletes Windows Defender Definitions

      Uses mpcmdrun utility to delete all AV definitions.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks