General
-
Target
Account Method v3.rar
-
Size
5.9MB
-
Sample
241227-ehlqha1ney
-
MD5
8a4cd510c6efeefc9fc33465814b71b2
-
SHA1
b9c1e5dfccdf13ddb0206da9f195f27cb63b32a1
-
SHA256
7a43e7fa643bf4e892994c61314aa265ea1e1c46af5313c4cdd90a66f6507b9b
-
SHA512
9757d25393bf7d1a676813c615069f52186bf1f9a5746f28847f8897a97e9dee6b1a3b0f2b3dd4d4f1670143c0eae9fee0df0bcc40721370385440b52228c8d6
-
SSDEEP
98304:+YMKVhn+UVUcFhhkiW27e1V6OuP+W4M0o6YcSvJF1AnKGq2j7UWAvE8WHL:+JK7+rcFho5u+WR0o6YNJF1h2HwE1r
Malware Config
Targets
-
-
Target
Account Method v3.rar
-
Size
5.9MB
-
MD5
8a4cd510c6efeefc9fc33465814b71b2
-
SHA1
b9c1e5dfccdf13ddb0206da9f195f27cb63b32a1
-
SHA256
7a43e7fa643bf4e892994c61314aa265ea1e1c46af5313c4cdd90a66f6507b9b
-
SHA512
9757d25393bf7d1a676813c615069f52186bf1f9a5746f28847f8897a97e9dee6b1a3b0f2b3dd4d4f1670143c0eae9fee0df0bcc40721370385440b52228c8d6
-
SSDEEP
98304:+YMKVhn+UVUcFhhkiW27e1V6OuP+W4M0o6YcSvJF1AnKGq2j7UWAvE8WHL:+JK7+rcFho5u+WR0o6YNJF1h2HwE1r
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
Account Method.exe
-
Size
6.0MB
-
MD5
533098d68bed52f271ccacc2ff9b90dc
-
SHA1
9c73399366c258bc43f0a64f2caef51cc60a6df1
-
SHA256
369b6cecb9a25012323387c19abe99e8c82370f22c941172949c2458d8f4f2a2
-
SHA512
5d3138178bcf2c2fa1d80a2ad09b3e4af7a58386c60c85ad7d32c3460c40294eb1f1ca9ba10cc76f87e4152c235b33829534bc04320fa1ab62489a0b4069989a
-
SSDEEP
98304:xIEtdFBgwBamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RsPMEB3JdMDTD:xvFmeN/FJMIDJf0gsAGK4RskEKDTD
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
���QS�l.pyc
-
Size
857B
-
MD5
cffc1a3d89afbbe48f7af10593a64fd8
-
SHA1
4a8a07a0a06cc7ff9e276ff2ce5dbdee56d4fa0d
-
SHA256
ffa912b0f92de8aab2e9016ad88d41325bbba114cf5e87a8c51a911fd2bca059
-
SHA512
05df91129aeb12f946dfd0aa56ae2cc4495028d38902df301008e86c0a60e242b4ee9c59d98016e600fc12056f329fe2e80bdb3132849aa6034e69d39a4c12e1
Score1/10 -
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3