General

  • Target

    Loader.exe

  • Size

    13.3MB

  • Sample

    241223-16wfhatjcs

  • MD5

    94789f7b0275dd8b29e39c74ebf5b454

  • SHA1

    9bf5b2199499d60b4c8e789334b018de5e1be4f4

  • SHA256

    a457b28616c4cce4e208da74f9712c1f12224db01ed17a4d18397b320f86407e

  • SHA512

    69b892d81f46bc6474e6a9aaa4200b9b3d5838ba66e1df27d10eda63b96f742a358f51e4d2bd5772db5bbc4cac059693ccaf58b41b4e40a06dc6be5a7786c72e

  • SSDEEP

    393216:nep9/LJB+kOGzEdf4Hf+apJbr/Fqyf0gsfNRqRjxgK2:nCT+7jAHhpJbr4vfHWVgK2

Targets

    • Target

      Loader.exe

    • Command and Scripting Interpreter: PowerShell

      Executes commands via powershell.exe.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15