General
-
Target
AQUA PREMIUM.rar
-
Size
5.8MB
-
Sample
241224-ky9p6atlhr
-
MD5
f71e4dec9ba49a0996f577257ec31ed8
-
SHA1
55c9af15d1c9e55f8966d819a623b225fd06f5cc
-
SHA256
05266a1e82541f3908c2acdb6596791f842c4f483546e89cd52c22bb67a3f0f5
-
SHA512
113ff3f29821ea93c71dd32854714caf8efec9ea6f6e78f39254f44358bf6cfab40984d6c72e4951156c03233bbac0a6de748e94459d3ac5ddc91cbb875c9ec7
-
SSDEEP
98304:WoJ7oTgg90I9kbDh3D6cRxeqmN06/JGq46iZ1XNSNxCIH8GYwCudG8pUT0u/:Wopozd9ADpDWNeAJHADSrMw5ju/
Behavioral task
behavioral1
Sample
AQUA PREMIUM Spoof.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
AQUA PREMIUM Spoof.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Respoof.cmd
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Respoof.cmd
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
AQUA PREMIUM Spoof.exe
-
Size
5.9MB
-
MD5
47911cfecd3dcd8b505235dd9b187992
-
SHA1
9c874cead1208b3b77f0ae535d07522629e6e676
-
SHA256
3aac1ef0cd3825fbb753199f1fe31430f4aba354cc4fb8e7db74b63ac8f7efdf
-
SHA512
cac06ffeb06e83c2e0a4c98512dde8292c2800a35a4653621e6cdd2877293381ebf7f773456974b4181838e98916ff9a6c6d5ec2ec145398cfddbb2668889eec
-
SSDEEP
98304:V2De7pzWqe8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDtFMai3lMmg8N:VzNzWKB6yA+KO0WR4iarmg8N
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
Respoof.cmd
-
Size
65B
-
MD5
a64d3a4c1d61344273de4e3f2dd3b652
-
SHA1
245859a286db226f15a0c8c51c9b71f31ea1b79a
-
SHA256
6f4b8912c0f77f2e589e8fed98246680bdd01a442f91729ce15ee812b8f4d50e
-
SHA512
e564799596d11b71590569f8c7b31fe7446cabc2dc6bc423308edf7ad2fcb74cbc621891cc594a6b2ebc8320600d0ca2530e92042477246914c55f369d2856cb
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3