General

  • Target

    fivem s7b.rar

  • Size

    21.3MB

  • Sample

    241225-nagagssmfl

  • MD5

    02c5b9427813c0f2c60a9f23d1650413

  • SHA1

    84ee5be7072ec5ba4f6013215a03c82b260649d6

  • SHA256

    29f0a91279a7df7d840cc01df7c0d199e867a46a137d84425be73bf6840e2f07

  • SHA512

    e8f4af28063d18cc4efd3d3caa23036d45f0727f9146c3800887f010ee2615dd8ecbb41077b1cebadf446735262d1d9e2b268fe63addfa501f1a674c66b624c3

  • SSDEEP

    393216:X5j19BWC9ziZxeu06nHDeQCOYLLXeZktpQfz/qRjUPse011JqK:pjJN8xb7HSyYfe6tpwqRjw01N

Malware Config

Targets

    • Target

      fivem s7b/start.bat

    • Size

      21.6MB

    • MD5

      3d50186ac66012eb0c6e4d813bfcb414

    • SHA1

      83102ec1333678be19a39406d53dbc89fcc25115

    • SHA256

      598f12da38e0b270f3e6698112afbd1dc162b7779a6690dd11d40a6388126d8a

    • SHA512

      b76d616aa1fe1b160d234babdc533723a1366771b647db211a56ab9a0bba4010db5aeb86fb59359b608b0bf34ac86001d1db3ca9bec56c63bb5fa429c0e3ff05

    • SSDEEP

      393216:1aDW1AzdtCCE62fkYCicgcT/ByQVZVEt9tF7mHzqktrIHziK1piXLGVE4Ue9VJr:GW1ATCiEk1J/vVZV2/wmktuDiXHi9Lr

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks