Overview

overview

10

Static

static

1

c156c24ba8...9b.lnk

windows7-x64

7

c156c24ba8...9b.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c156c24ba8bbf168969b9acfa760f49b.lnk

  • Size

    3KB

  • Sample

    241231-kmmfgsvman

  • MD5

    c156c24ba8bbf168969b9acfa760f49b

  • SHA1

    110d20232e070265c8b5ab808264c5e9613cede6

  • SHA256

    4b4bb2f618431b740a075df0972cd029be2418c1f1870d411ef4cf1e8779c97e

  • SHA512

    d2969b42c5a4e5e8ceff1d8961e75abd4b9172631765445ac61f87f20acffd55054b94f4d491e80c53c0423da26f72948672ba6b41d4e2793a8a9fd9899518c7

Score
10/10
metastealerdiscoveryexecutionspywarestealer

Malware Config

Extracted

Family

metastealer

C2

kiyaqoimsiieeyqa.xyz

ssqsmisuowqcwsqo.xyz

ykqmwgsuummieaug.xyz

ewukeskgqswqesiw.xyz

cscqcsgewmwwaaui.xyz

cyoksykiamiscyia.xyz

okgomokemoucqeso.xyz

ikwacuakiqeimwua.xyz

aawcsqqaywckiwmi.xyz

aiqasksgmyeqocei.xyz

qgumcuisgaeyuqqe.xyz

eiesoycamyqqgcea.xyz

ywceswakicsqomqw.xyz

auaieuewouawygku.xyz

cmiascusccywowcs.xyz

uiqkkomkaceqacec.xyz

quqeciymqmkqccqw.xyz

ssqsauuuyyigouou.xyz

aogaakukuugqswcy.xyz

ucgwcwsuqsuwewgc.xyz
Attributes
  • dga_seed

    21845

  • domain_length

    16

  • num_dga_domains

    10000

  • port

    443

Targets

    • Target

      c156c24ba8bbf168969b9acfa760f49b.lnk

    • Size

      3KB

    • MD5

      c156c24ba8bbf168969b9acfa760f49b

    • SHA1

      110d20232e070265c8b5ab808264c5e9613cede6

    • SHA256

      4b4bb2f618431b740a075df0972cd029be2418c1f1870d411ef4cf1e8779c97e

    • SHA512

      d2969b42c5a4e5e8ceff1d8961e75abd4b9172631765445ac61f87f20acffd55054b94f4d491e80c53c0423da26f72948672ba6b41d4e2793a8a9fd9899518c7

    Score
    10/10
    metastealerdiscoveryexecutionspywarestealer

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers, written in C++.

      stealermetastealer

    • MetaStealer payload

    • Metastealer family

      metastealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks