General

  • Target

    rainy loader.exe

  • Size

    7.6MB

  • Sample

    241218-bljhrsxnep

  • MD5

    8bc5f4a6062d1160d5121fed028f1c60

  • SHA1

    d93996b72f6ba8c1e3d6790807e4afb709af8777

  • SHA256

    2cf12e3514b0c48900dcae2000a8e10e28880cc8c7cbbb20d456aa899e864738

  • SHA512

    14adac56bb328006c3a6a037a990433748cd6c1ee69f5c0949a33de0350f139f38cfbc0d78c21a2dfae7d0178484d94389f3cd1405009ec359fcd5b415d509d8

  • SSDEEP

    196608:OYD+kd+wfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeW0:d5HIHL7HmBYXrYSaUNy

Malware Config

Targets

    • Target

      rainy loader.exe

    • Size

      7.6MB

    • MD5

      8bc5f4a6062d1160d5121fed028f1c60

    • SHA1

      d93996b72f6ba8c1e3d6790807e4afb709af8777

    • SHA256

      2cf12e3514b0c48900dcae2000a8e10e28880cc8c7cbbb20d456aa899e864738

    • SHA512

      14adac56bb328006c3a6a037a990433748cd6c1ee69f5c0949a33de0350f139f38cfbc0d78c21a2dfae7d0178484d94389f3cd1405009ec359fcd5b415d509d8

    • SSDEEP

      196608:OYD+kd+wfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeW0:d5HIHL7HmBYXrYSaUNy

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks