General

  • Target

    Staffbesting_Private.exe

  • Size

    16.8MB

  • Sample

    241215-1mp5daznak

  • MD5

    454b279d44ee6560e8e2617c86e80c6f

  • SHA1

    092c438dd4f49b090013002086a5a0215a38bc5c

  • SHA256

    84dc07f9e850b5c47ebee63d4262ea9b7fa82a49b01132581b923d19858dc9e8

  • SHA512

    28f2da6ea64f4e6bfee822fbb49e098797cf63361eea56f9357a727f3fa8b07c8f095b59256a688a1f429884ee7366072e5d268cbe2b5ef44cd7fb49ffa5367d

  • SSDEEP

    393216:Tu7L/cxy/m3pqaUX47d4zjO8v/uOMzZlV:TCL0EKqaUI7d4zjO0elV

Malware Config

Targets

    • Target

      Staffbesting_Private.exe

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks