General
-
Target
index.exe
-
Size
6.9MB
-
Sample
241227-xajkaaxpfz
-
MD5
37010674818bdcc9ef583a2b71c03f43
-
SHA1
cf2e8ee2a261a1651a97195cdf797cb89deb5265
-
SHA256
1e152213721345459d7fcde9f109009843a5032cb4e5954d3a7ac0fe03ff3fb7
-
SHA512
31f12d56c1d24f6a16374694e00c41ab38d515dad8f897aeddab9239e9abc07908825ec43137d1c2b0176e8b7417c41f43b391b3eccda5a740f812ad224c5005
-
SSDEEP
196608:VkV1v7dB6ylnlPzf+JiJCsmFMvln6hqg7:kRBRlnlPSa7mmvlpg7
Malware Config
Targets
-
-
Target
index.exe
-
Size
6.9MB
-
MD5
37010674818bdcc9ef583a2b71c03f43
-
SHA1
cf2e8ee2a261a1651a97195cdf797cb89deb5265
-
SHA256
1e152213721345459d7fcde9f109009843a5032cb4e5954d3a7ac0fe03ff3fb7
-
SHA512
31f12d56c1d24f6a16374694e00c41ab38d515dad8f897aeddab9239e9abc07908825ec43137d1c2b0176e8b7417c41f43b391b3eccda5a740f812ad224c5005
-
SSDEEP
196608:VkV1v7dB6ylnlPzf+JiJCsmFMvln6hqg7:kRBRlnlPSa7mmvlpg7
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
n%����6.pyc
-
Size
1KB
-
MD5
2e434e75ed763aa60b189ea0fa51ca37
-
SHA1
f45f6773b61d44a7066bb99138f62c4f164ba1c4
-
SHA256
ffc0944b1eb6d90921fce2088e3bba09608e3ff5a45e34a85da7709558759c68
-
SHA512
17af191b066ce1bf7e2443b14dddf8da60a61fa01029c65d0900f3de4f2493d29fb3dd36f83c965e07f2cc4e7806b073fd09f79e4763d48ccf9560f0dfbf90d5
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3