General

  • Target

    5184b92097feeecf09d4e92b58c252333d397b3b7c424b62e73ae2fc2f6be405.exe

  • Size

    7.5MB

  • Sample

    241214-d8ty5avnhr

  • MD5

    546606959cb5b178d679b203d938cf88

  • SHA1

    f907e7d19734bf7459388b3299822858f0039711

  • SHA256

    5184b92097feeecf09d4e92b58c252333d397b3b7c424b62e73ae2fc2f6be405

  • SHA512

    be3efba75f20cffbad2b5209e308e95aca31861b8dff5461ce386f10d8276caf73a827bcf415120c07feff815f7099aa29f2b55b22b01301def62d75f478439c

  • SSDEEP

    196608:JNLjv+bhqNVoBLD7fEXEoYbiIv9pvvk9fIiZ1jk:TL+9qz8LD7fEUbiIqQgpk

Malware Config

Targets

    • Target

      5184b92097feeecf09d4e92b58c252333d397b3b7c424b62e73ae2fc2f6be405.exe

    • Size

      7.5MB

    • MD5

      546606959cb5b178d679b203d938cf88

    • SHA1

      f907e7d19734bf7459388b3299822858f0039711

    • SHA256

      5184b92097feeecf09d4e92b58c252333d397b3b7c424b62e73ae2fc2f6be405

    • SHA512

      be3efba75f20cffbad2b5209e308e95aca31861b8dff5461ce386f10d8276caf73a827bcf415120c07feff815f7099aa29f2b55b22b01301def62d75f478439c

    • SSDEEP

      196608:JNLjv+bhqNVoBLD7fEXEoYbiIv9pvvk9fIiZ1jk:TL+9qz8LD7fEUbiIqQgpk

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks