General

  • Target

    Xenox Exploit.exe

  • Size

    7.5MB

  • Sample

    241223-v4fpdawmcm

  • MD5

    095cfc6cc2bfb81d87d26607d65768d1

  • SHA1

    4af4706852b9afcae603db5e7e9fa63953e3ae62

  • SHA256

    3e9c3921efb283bcbf868d46fba477b990ebb2ee2eb629d258d3e179ea333b36

  • SHA512

    85bcea3dfb806353d2bf0bfd5c08adb3c654fba03464bcf8bb0af29ca8868b792e401224d22851dc5059d0d56a7e1b288e60d522ddc8fdae8caa219478a97a7c

  • SSDEEP

    196608:58QCwVxurErvI9pWjgN3ZdahF0pbH1AY7WtQsNo/03vC1Z:rVxurEUWjqeWx06rYYZ

Malware Config

Targets

    • Target

      Xenox Exploit.exe

    • Size

      7.5MB

    • MD5

      095cfc6cc2bfb81d87d26607d65768d1

    • SHA1

      4af4706852b9afcae603db5e7e9fa63953e3ae62

    • SHA256

      3e9c3921efb283bcbf868d46fba477b990ebb2ee2eb629d258d3e179ea333b36

    • SHA512

      85bcea3dfb806353d2bf0bfd5c08adb3c654fba03464bcf8bb0af29ca8868b792e401224d22851dc5059d0d56a7e1b288e60d522ddc8fdae8caa219478a97a7c

    • SSDEEP

      196608:58QCwVxurErvI9pWjgN3ZdahF0pbH1AY7WtQsNo/03vC1Z:rVxurEUWjqeWx06rYYZ

    • Deletes Windows Defender Definitions

      Uses the MpCmdRun.exe utility (MpCmdRun -RemoveDefinitions -All) to delete all Windows Defender AV definitions. The switch only works from an elevated process, so a hit also implies the sample ran with administrative privileges.

    • Command and Scripting Interpreter: PowerShell

      Executes commands through powershell.exe.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files

      Searches the filesystem for files that contain stored credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Queries a legitimate IP lookup web service to learn the infected system's public IP address.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      The executable is packed with UPX or a modified build of the open-source UPX packer, so its real strings and imports are only visible after unpacking.
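The behaviours listed above map directly onto process-creation telemetry. The following is an added example (not part of the sandbox report, and not the sample's own code) that turns four of them (Defender definition removal, hidden/encoded PowerShell, tasklist enumeration, attrib-based hiding) into command-line detection rules and runs them over constructed Sysmon-style process events. The ATT&CK technique IDs are the standard Enterprise IDs for each behaviour; the event records, file paths and the base64 payload (it decodes to "IEX") are constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str          # MITRE ATT&CK Enterprise technique ID
    pattern: re.Pattern     # matched against the full command line


# Command-line rules for behaviours reported in the sandbox signatures.
RULES = [
    Rule("Deletes Windows Defender definitions", "T1562.001",
         re.compile(r"\bmpcmdrun(\.exe)?\b.*-removedefinitions", re.I)),
    Rule("Hidden or encoded PowerShell command", "T1059.001",
         re.compile(r"\bpowershell(\.exe)?\b.*"
                    r"(-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden\b|-nop\b)", re.I)),
    Rule("Enumerates processes with tasklist", "T1057",
         re.compile(r"\btasklist(\.exe)?\b", re.I)),
    Rule("Hides files or directories with attrib", "T1564.001",
         re.compile(r"\battrib(\.exe)?\b.*\+h\b", re.I)),
]

# Constructed Sysmon-like process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\victim\Downloads\Xenox Exploit.exe",
     "cmdline": r'"C:\Users\victim\Downloads\Xenox Exploit.exe"'},
    {"id": 2, "parent": r"C:\Users\victim\Downloads\Xenox Exploit.exe",
     "image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "cmdline": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All'},
    {"id": 3, "parent": r"C:\Users\victim\Downloads\Xenox Exploit.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand SQBFAFgA"},
    {"id": 4, "parent": r"C:\Users\victim\Downloads\Xenox Exploit.exe",
     "image": r"C:\Windows\System32\tasklist.exe",
     "cmdline": "tasklist /FO CSV"},
    {"id": 5, "parent": r"C:\Users\victim\Downloads\Xenox Exploit.exe",
     "image": r"C:\Windows\System32\attrib.exe",
     "cmdline": r'attrib +h +s "C:\Users\victim\AppData\Roaming\svc"'},
    {"id": 6, "parent": r"C:\Windows\explorer.exe",       # benign control event
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe readme.txt"},
]


def match_rules(event):
    """Return every rule whose pattern matches the event's command line."""
    return [rule for rule in RULES if rule.pattern.search(event["cmdline"])]


def triage(events):
    """Evaluate all rules over all events; each hit keeps the parent for analyst context."""
    hits = []
    for ev in events:
        for rule in match_rules(ev):
            hits.append({"event": ev["id"], "rule": rule.name,
                         "technique": rule.technique, "parent": ev["parent"]})
    return hits


def techniques_by_parent(hits):
    """Group distinct ATT&CK techniques by parent image: several techniques
    fanning out from one parent is a much stronger signal than any single hit."""
    grouped = {}
    for hit in hits:
        grouped.setdefault(hit["parent"], set()).add(hit["technique"])
    return {parent: sorted(techs) for parent, techs in grouped.items()}


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for hit in found:
        print(f"event {hit['event']}: {hit['rule']} ({hit['technique']})")
    for parent, techs in techniques_by_parent(found).items():
        print(f"{parent}: {', '.join(techs)}")
```

The grouping step is the part worth keeping in a real pipeline: a lone `tasklist` is noise, but `MpCmdRun -RemoveDefinitions`, hidden PowerShell, `tasklist` and `attrib +h` all spawned by one executable in a user's Downloads folder is the behaviour profile this report describes. Because the Defender switch needs an elevated process, the MpCmdRun hit is also a cue to check how the parent obtained administrative rights.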

MITRE ATT&CK Enterprise v15

Tasks