General
-
Target
Tweak.exe
-
Size
7.6MB
-
Sample
250103-wcbf1svqhz
-
MD5
4a66ad3fe1342a755486a7f3f2319abe
-
SHA1
e427f14e049f5b9cf56de0c60e1a828fc63d7aea
-
SHA256
a83f79944ebd60ddc501a63e4d8e6d661559ec9a031f0846ae21709169e8d6bc
-
SHA512
d7761d9deb0646cd4d79132fe437d477122d6a68036a67c6ed3aa6e8b0abaa4921e3b3524ef7c66ab5a05c874cce0b0f0017766432f8196e7867e39762f0125a
-
SSDEEP
196608:BJD+kdLSwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWe:L5JxIHL7HmBYXrYoaUN1
Malware Config
Targets
-
-
Target
Tweak.exe
-
Size
7.6MB
-
MD5
4a66ad3fe1342a755486a7f3f2319abe
-
SHA1
e427f14e049f5b9cf56de0c60e1a828fc63d7aea
-
SHA256
a83f79944ebd60ddc501a63e4d8e6d661559ec9a031f0846ae21709169e8d6bc
-
SHA512
d7761d9deb0646cd4d79132fe437d477122d6a68036a67c6ed3aa6e8b0abaa4921e3b3524ef7c66ab5a05c874cce0b0f0017766432f8196e7867e39762f0125a
-
SSDEEP
196608:BJD+kdLSwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWe:L5JxIHL7HmBYXrYoaUN1
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3