General
-
Target
Resource.zip
-
Size
7.4MB
-
Sample
250106-vm4pwaskc1
-
MD5
afc17557402a8729463ade463d8d481e
-
SHA1
724aa61f2b3c974228316c23dff700b4e21a5ed3
-
SHA256
abca3e5f5b4bc74eac650ce4040a9eaf5c041cde74000cbf040db1b5579d9db8
-
SHA512
2972a791ba3b466c762c2b3e8594a5b24598b9a3d23d2be0d28cc68233ba52c598a89936fc05b6109dec2b9eb6a97b5dcaa0f35f801d9000c8199a448654bd80
-
SSDEEP
196608:rwkpuvlJpecClNTO8GcqLgr6CLtcghpkPsTiuSIXm6Vmia:rw7XpecCjTlrdLCQppiZIXmlH
Malware Config
Targets
-
-
Target
Resource.exe
-
Size
7.4MB
-
MD5
cd56d1639c638ef44a1cbcf6756ef2ba
-
SHA1
784970f33b026fe770d8c0f8938d17b26c428327
-
SHA256
79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88
-
SHA512
c00a3be6d4cbc672b4fe3b4afb5072832a870c99d795656380e23d33e9b7b45f2d0851ba86e1d35fe502af2d001cf13e13ff6d431349dc166cfbdcc54bb19b39
-
SSDEEP
196608:qw0cDemLjv+bhqNVoBKUh8mz4Iv9Pmu1D7wJo:SieaL+9qz8/b4IsuRmo
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1