General

  • Target: Injector.exe
  • Size: 16.3MB
  • Sample: 241223-wpmptawrdk
  • MD5: e0ec4f575f876e515f7f56e372fa1142
  • SHA1: 7a7a5a5fa0b2fa8a6a782f9f27344a1db40fb859
  • SHA256: 43725dbdc733f409e34f9cd8c2daceb2d1b5c2baa2a5663452166522ff794586
  • SHA512: d03bf3ff1182c1764dc8e912229b0bf202660f29356890777bd36864a96b8509e8c44a2d2b9100041fa591f50f0609d43e8519f61fdcf8517827deacd9f3735f
  • SSDEEP: 393216:I9YimSsewq3Obs2CltXMCHWUjurRQ7XbFsn6dEahcyorChF9DA33JX2E:I9YimRewq3ObRqtXMb8urRQ766dhcyo7

Targets

    • Target: Injector.exe

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15
