Overview

overview

10

Static

static

10

Resource.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    250106-vwl67avjcn_pw_infected.zip

  • Size

    7.2MB

  • Sample

    250106-yq1deayjgj

  • MD5

    9b274a9e83e76855c53080931b39dd05

  • SHA1

    b5828fca4e63b391b7ef78e3f5cfdfc92b955664

  • SHA256

    f0488dfe3993217dd94896bf13bbd780201a7f5b41461e5a1baf5827f3226392

  • SHA512

    36279602f73b19b8f5e459e12d46d7f11657eaeb0a9b6887c378026b3857a103b77396f6e8f452f492a9df029a360a7f25076109b792d542508e6646374bb507

  • SSDEEP

    196608:ql5BKraRXkAPCUNIYJwoevHTLaoByKDNlDMm6WKT5S7buc5ztVcf:qQrD/HTGoByK/DMm6DTAD5ztqf

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealerupx

Malware Config

Targets

    • Target

      Resource.exe

    • Size

      7.4MB

    • MD5

      cd56d1639c638ef44a1cbcf6756ef2ba

    • SHA1

      784970f33b026fe770d8c0f8938d17b26c428327

    • SHA256

      79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88

    • SHA512

      c00a3be6d4cbc672b4fe3b4afb5072832a870c99d795656380e23d33e9b7b45f2d0851ba86e1d35fe502af2d001cf13e13ff6d431349dc166cfbdcc54bb19b39

    • SSDEEP

      196608:qw0cDemLjv+bhqNVoBKUh8mz4Iv9Pmu1D7wJo:SieaL+9qz8/b4IsuRmo

    Score
    8/10
    collectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealerupx

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks