General

  • Target: Everything (1).rar
  • Size: 7.5MB
  • Sample: 250106-kpxn8sskdw
  • MD5: 9220abd35d4a41a2fe17b6394ac96909
  • SHA1: 53c80193c6b6924b8327ebcb722e67384c26075a
  • SHA256: eec7e3a68654bab1b00a5da629540e3a7afe4eceb8f0db293b0ed202eed985cf
  • SHA512: ee5fc360c058cceb274f5b83c633c5d54e1caf11a8e4d19815548a6b7c35dd4801977735898e8e9b1753d300b89a1fbf65a350c6a3e79be813fb30840daede20
  • SSDEEP: 196608:M88bVAK6AIqndMiKz4LaI0Pww/2VvAVfNzqPOnQd:vyOK6SiJEGI07/EvADznnQd

Targets

    • Target: Everything.exe
    • Size: 7.6MB
    • MD5: 4b72e0c426e66258f9ca3c165f56941c
    • SHA1: 7d7a8415b8d4075d1036a308fe9c9aa30d3a4755
    • SHA256: 5b73a3e34e88206fbe4e1767dbac5eede17c464fb76224280d501b19ac2911f1
    • SHA512: 669ce55fe8c2c6939afaa4e333fac1214b852a226d876f3da035f1ceb81f52a5d1882a7adf5be4f18df8196288a7f019f7426ab2369855eb903b76c91fb99297
    • SSDEEP: 196608:zRD+kd1wfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWO:l5YIHL7HmBYXrYoaUNh

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15
