General

  • Target

    Private Cheat.zip

  • Size

    7.4MB

  • Sample

    250105-r5ftzsyrgk

  • MD5

    4ea5fc82690700ceeb35064ff0b1a2f3

  • SHA1

    25b2efaeb0b95dfe46d5e6a493e4b5e2869bca42

  • SHA256

    4551099cd19833b0b8bc676e8a3b7f83d0365065899a383afa460f8899ea709a

  • SHA512

    d0b3544d5a2806dacaf5c9cbc057206c1721499341f7e88c796fcb572a32c940491710426c2006317a194dee33e29facd5e0e2f41156f2ecdd618e74dd6c1779

  • SSDEEP

    196608:f27103zQB+64GXzBxWf3ampSAKPKWmwO31Gy304Pwm:e2WhFX9xpmlD04f

Malware Config

Targets

    • Target

      Program.exe

    • Size

      7.5MB

    • MD5

      a251902a8bbbe4564fbe9bc06325e7a5

    • SHA1

      a4f0ea45b51f99df9dbcdf4d73de1744c12a5dba

    • SHA256

      790c7394a23d59216e1963197316475cd0c6b4f53c3803c65c0f8f407cdd99a9

    • SHA512

      3860976dbf69c2cd9dbcee98de59e6b28aa6ddd55aa17623fa60ed32322c335db3aa6fea3f07ac132b848648920a03ce62ec7fc4ff24957b1e2e50af192077fb

    • SSDEEP

      196608:RkunqZiwfI9jUC2XMvH8zPjweaBpZ0cX9ooccXK7odAxR:VWIH2XgHq+jq+3YoM

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks