General

  • Target

    Void -- Paid -- Cleaner.exe

  • Size

    7.6MB

  • Sample

    241224-wa3gqatkdq

  • MD5

    648b3d2d6d4f603ecff85f85d0e38079

  • SHA1

    ecae64e0ed23b0e91dd11774a1672efe2cfad67b

  • SHA256

    efc7ec29f525161bddb6d778cdb85c0462a727134362ee3402b4e00d75717ac5

  • SHA512

    79b1061e52e9b27a7cf7eddc0593863633fe07381a44fa7ce69251ce903483dfaff046b564a9e216cad1deb3c9e4f5fbd39ac91ec122c7943dc189d9a7f58e0d

  • SSDEEP

    196608:kHD+kdkwfI9jUCBB7m+mKOY7rXrZusoSDmhfvsbnTNeWe:M5VIHL7HmBYXrYSaUNw

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks