Overview

overview

10

Static

static

10

externalforrh.exe

windows7-x64

7

externalforrh.exe

windows10-2004-x64

7

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    externalforrh.exe.bin

  • Size

    17.8MB

  • Sample

    250107-lpnxrsxmbn

  • MD5

    c2a2b586f83c100cdf3c2659ac394a4c

  • SHA1

    f694d900a7a3f48a39f31511b51ce53d94342863

  • SHA256

    81788d573b843f11600689a7b206d91bde7f9664dfe8574b2d3d1281932a018c

  • SHA512

    c594caf0f58161a39293c1e01c4c2aa835321c0cd03f7be18438dcfb3c7b4d874855cd9e77daf225da3f0eea8f362b230c708d946bd8278ca8c13bff39598015

  • SSDEEP

    393216:7qPnLFXlreQ+DOETgsvfG7Oge7vE/vQSv0S1Nhq:OPLFXNeQ/EXhg/Ie0F

Score
10/10
empyreandiscoverypersistencepyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      externalforrh.exe.bin

    • Size

      17.8MB

    • MD5

      c2a2b586f83c100cdf3c2659ac394a4c

    • SHA1

      f694d900a7a3f48a39f31511b51ce53d94342863

    • SHA256

      81788d573b843f11600689a7b206d91bde7f9664dfe8574b2d3d1281932a018c

    • SHA512

      c594caf0f58161a39293c1e01c4c2aa835321c0cd03f7be18438dcfb3c7b4d874855cd9e77daf225da3f0eea8f362b230c708d946bd8278ca8c13bff39598015

    • SSDEEP

      393216:7qPnLFXlreQ+DOETgsvfG7Oge7vE/vQSv0S1Nhq:OPLFXNeQ/EXhg/Ie0F

    Score
    7/10
    upxdiscoverypersistencespywarestealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      bc895dc943674837f661c48c8947c838

    • SHA1

      c38f27b8b01da2dc2772107d45f9b029e29f5787

    • SHA256

      2da1bfe62e27dee51dc0dea6306ccc301e5cf6be892bbc8b27004292a6051ace

    • SHA512

      16ea705eeb693bcac573bedf4db4cbc881503e790be62a9d218f0798bc0e2ce85b0d75a2c2dded7449369b69ad1da601c4d988ed7655b75c06c55a85eff53512

    • SSDEEP

      192:wge4BdTsdD8WY6rNWdXweIiRFvsGPTQJhw0QEMdw8S9nw:Beadok6pWue6Kg20tPrw

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks