General
Target: Built.rar
Size: 6.6MB
Sample: 241230-b3qcmstnbl
MD5: b8ed10b383a616bd6bad634c6b57cf84
SHA1: 093e68d0f399edf6a091cfefef13876b207e8533
SHA256: b20b2beca27b6c6070e1a45ce671fe4eea00a36e962cab92ae5ebb3b91224be3
SHA512: 593ad25be8211bd65779ba211e6b28c645a2970ab75138328e0998683d20d2bd9fdc5e757a762cd2e93feb886a4006dbe50d5b3fb1126ff4b2dcbc56f2ebf65d
SSDEEP: 196608:VC6Cl/Fp/0Z2VPSb6dl+exo9sxYm7vOMchUCYP:VC6E3/B3+YxYmbOzhY

Behavioral task: behavioral1
Sample: Built.exe
Resource: win10v2004-20241007-en

Malware Config

Targets
Target: Built.exe
Size: 6.7MB
MD5: 4f062a341e441dcad1563cf0e04cce79
SHA1: 39f1de71aad771b34e5f2c6cb8ecc752336db322
SHA256: 83009acf8b02a139782484ed936629405b91479392be2b7edb93da7d9b198aca
SHA512: 2b609344a6275356a4f737a494c4caa35be94b9a129c123dbbb0b98b4a334201df16f76067a97748a98b6464efdb8f10ed9f5d207e6c63776a03d1cf118c6eaf
SSDEEP: 196608:32FyyeN/FJMIDJf0gsAGK5SEQR4k38LEGg:b/Fqyf0gsfN4kMAr

Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.

Executes dropped EXE

Loads dropped DLL

Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.

Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
  Credentials from Web Browsers: 1
Unsecured Credentials: 3
  Credentials In Files: 3