General
-
Target
TotallyNotAimmyV3.exe
-
Size
6.9MB
-
Sample
241221-wzv4yawkhk
-
MD5
92f4c5f91c765fbe48a22d370b59385f
-
SHA1
9ad58a29b270d9a1644657efdfa6e9da0ced7395
-
SHA256
ef47e1e2bafcd60e0d7cd52ead4758c3f25146b9098b2abb03e0276ab403af43
-
SHA512
b363b7352683ae3b4f2e2db87cb9f9f21a21f128a2265841e1b3520344a34cf54bcb6a94f32bc0a006f2a502ac117edf01265a0453dec1f720cafd8e0d53e932
-
SSDEEP
98304:snAkwN+MdA5wqSnWNrrd8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DovaDJ1n67:sAV1v/B6ylnlPzf+JiJCsmFMvln6hqgR
Behavioral task
behavioral1
Sample
TotallyNotAimmyV3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
TotallyNotAimmyV3.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
TotallyNotAimmyV3.exe
-
Size
6.9MB
-
MD5
92f4c5f91c765fbe48a22d370b59385f
-
SHA1
9ad58a29b270d9a1644657efdfa6e9da0ced7395
-
SHA256
ef47e1e2bafcd60e0d7cd52ead4758c3f25146b9098b2abb03e0276ab403af43
-
SHA512
b363b7352683ae3b4f2e2db87cb9f9f21a21f128a2265841e1b3520344a34cf54bcb6a94f32bc0a006f2a502ac117edf01265a0453dec1f720cafd8e0d53e932
-
SSDEEP
98304:snAkwN+MdA5wqSnWNrrd8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DovaDJ1n67:sAV1v/B6ylnlPzf+JiJCsmFMvln6hqgR
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3