Overview

overview

10

Static

static

10

Resource.exe

windows10-2004-x64

8

Resubmissions

07-01-2025 11:03

250107-m5s24azpgn 10

06-01-2025 17:07

250106-vm4pwaskc1 10

06-01-2025 17:03

250106-vkvdessjf1 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Resource.zip

  • Size

    7.4MB

  • Sample

    250107-m5s24azpgn

  • MD5

    afc17557402a8729463ade463d8d481e

  • SHA1

    724aa61f2b3c974228316c23dff700b4e21a5ed3

  • SHA256

    abca3e5f5b4bc74eac650ce4040a9eaf5c041cde74000cbf040db1b5579d9db8

  • SHA512

    2972a791ba3b466c762c2b3e8594a5b24598b9a3d23d2be0d28cc68233ba52c598a89936fc05b6109dec2b9eb6a97b5dcaa0f35f801d9000c8199a448654bd80

  • SSDEEP

    196608:rwkpuvlJpecClNTO8GcqLgr6CLtcghpkPsTiuSIXm6Vmia:rw7XpecCjTlrdLCQppiZIXmlH

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealerupx

Malware Config

Targets

    • Target

      Resource.exe

    • Size

      7.4MB

    • MD5

      cd56d1639c638ef44a1cbcf6756ef2ba

    • SHA1

      784970f33b026fe770d8c0f8938d17b26c428327

    • SHA256

      79041d419f813d07403d5ea0e190c09f63c0e9339bcf225b4588388de34aaa88

    • SHA512

      c00a3be6d4cbc672b4fe3b4afb5072832a870c99d795656380e23d33e9b7b45f2d0851ba86e1d35fe502af2d001cf13e13ff6d431349dc166cfbdcc54bb19b39

    • SSDEEP

      196608:qw0cDemLjv+bhqNVoBKUh8mz4Iv9Pmu1D7wJo:SieaL+9qz8/b4IsuRmo

    Score
    8/10
    collectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealerupx

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks