General

  • Target

    Mozilla Firefox.zip

  • Size

    104.9MB

  • Sample

    250108-a87y7swqfy

  • MD5

    652262cea813d8125fc12fdd6ac4afd1

  • SHA1

    875109352bfda6dbaac4f8e8076dbd8ee849637b

  • SHA256

    656eb4d10487e855a11b88e487b887e88f8d3540f14c6a08869e83f8c2d5e13f

  • SHA512

    ff9d9d65b4daf8bb7bc0de19062b9f0dd4384459e8cf48c3eac3c6f13857289076d5d0da92eda566e0971129228d366ecff5bcbd4e916e66fa2ef1fa40b5ecc5

  • SSDEEP

    3145728:yc056vnwWDJcI9W6Mnm+pdLF4E/7qNBmss0uTKg:ycq6vnrlnWxNqd42uZ

Malware Config

Targets

    • Target

      Mozilla Firefox/AccessibleMarshal.dll

    • Size

      31KB

    • MD5

      fcdb5689943013c5409885e37cba4737

    • SHA1

      c12ca81adf8343571aceb399d725790d124df88a

    • SHA256

      c26c7cc9a9bfc874e6f1199497f6cde22d587464d80f66b4ff8d84ef47f7d44f

    • SHA512

      3d0c1ffa00909dce56c7d634d1c5ce48490dd9ff689c5dfede984065a79c5f9d942e26e15f35c1060a55810d07a7f3200c305b24cc939b785d0417d92f625ee6

    • SSDEEP

      384:IGz3JfaZbhaO1aOS/viqmGeUMc25dYj3ph2UtLIYiaxe8E9VF0NyxSJIVmp0pD:f3JfaZbhaManvbmGeq2gTr8Yi2NEGY

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Target

      Mozilla Firefox/browser/features/[email protected]

    • Size

      448KB

    • MD5

      faef700dfbfa31ebe833627b5dd04d2a

    • SHA1

      a593a9f3851cb3dece608172299634f63e742028

    • SHA256

      ebb9e4d6232eb6451ecf3fcb140bd94b415bec0f4b416fa16ee5695fe2f2151a

    • SHA512

      63ff6ea7e71276676d736d884b0e31ec200e592c77dbf18ac3114959bb77389054a48c1050624f1c8a4e7b4abe74565c7c7716fb463f0a953c25599caeaeb142

    • SSDEEP

      3072:y7bV/ihk+/W0RLL8UHKHgWmPm1dFrgcnMf2XoJ3sHZ1Dpa1x:y4/HLAUHKgnPm1dFrgIID3s/paL

    Score
    3/10

    • Target

      Mozilla Firefox/crashreporter.exe

    • Size

      3.4MB

    • MD5

      4a47088c6ea24e485140b65f8ff3a800

    • SHA1

      e29da6dcd0bfd1021993eec9be0c5a0a25a56fd9

    • SHA256

      7e6a2061238a6b39ee36db89604b2ca2b73e6b5489d10ff1157e39141bb87797

    • SHA512

      992cdb90231276a90170b180d692d17576282965c99e3fc89a480594d7068bfee0e62a4c672126677fef40cceefabb4f5baa990b2d8fb46b92559ce6e7be3fca

    • SSDEEP

      49152:NMVov78Xkr4NXFf/3PPA/iBb/3mr1NVfBn+HRTXlVLhmmixHg:6VHj/KaufZ+RrXLhmJK

    Score
    1/10

    • Target

      Mozilla Firefox/default-browser-agent.exe

    • Size

      33KB

    • MD5

      957b376311b114608465e157c114d49b

    • SHA1

      941562607f6a05b01ad0c54c669d0b111dea5df5

    • SHA256

      d5c6bd4ad0832e3cbc33842ea3741c2fa62d3eee5d40cbbda075dea50cfe5174

    • SHA512

      e2018b5c8934efb960cb1ea3e72bf6abbe369d8e45131c2422ae5a2807f569a229e3db11e493a4a658d7857c40680c0fb0c75652d32f8c738f212da9808e106a

    • SSDEEP

      384:KYzBnIs6+VqEDZZgzUlGKQ5u5sbOKJTFt5kOy2gMO2B02UtLIYiaxe8E9VF0NyxI:zzOsrsrKQYa3BFI/18Yi2NEGJ/

    Score
    1/10

    • Target

      Mozilla Firefox/defaults/pref/channel-prefs.js

    • Size

      429B

    • MD5

      3d84d108d421f30fb3c5ef2536d2a3eb

    • SHA1

      0f3b02737462227a9b9e471f075357c9112f0a68

    • SHA256

      7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

    • SHA512

      76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

    Score
    3/10

    • Target

      Mozilla Firefox/firefox.exe

    • Size

      7.7MB

    • MD5

      fb6cfadcb6f8c942d0e08e3132e2d4b4

    • SHA1

      f2f1c3c305b38dc820da77ef1bc744df7b96f6be

    • SHA256

      4309afefeaff92ac85c54b6940b62c9ec342909eb45263520f053bff28c7217a

    • SHA512

      22292be72b3251aadd91a103d15dd1e1ab119d82decabbd3fa7cf9dda359b9ad3e99727d678892e35805b88bed11766d68268ffc22b5ff259f6ad2e8cd0f561b

    • SSDEEP

      196608:fDD+kdTwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWF:r5+IHL7HmBYXrYoaUNq

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Mozilla Firefox/freebl3.dll

    • Size

      1006KB

    • MD5

      a778f7c0c81ce2cc50606b3a4f38341f

    • SHA1

      2519300e36b067cd1f33643ca080b41ce93acd19

    • SHA256

      fb228c3b23eef48589db407066b9e868500c8a8008ee5927e936ce4035d53c6a

    • SHA512

      dcd5eb8e7f221df5c9857964368a8bb9dfbacd6008c864b780c49f5a38c51226cb13b6e3b40ab8103cb2dad594f65fe5bec28edb9ca3326cc0676774d02d4aa1

    • SSDEEP

      24576:NPtw9ZYXnCaRZOAKa6GMPgXMwJK8MQgBKVkLu9+hU4:NPu9ZYXnNR8GM2nwBKVkL3l

    Score
    1/10

    • Target

      Mozilla Firefox/gkcodecs.dll

    • Size

      9.1MB

    • MD5

      f254c7b210119b9598aaa3936c665afc

    • SHA1

      2ee33229143a07db083c4d36fd01c50e728548ec

    • SHA256

      08d93e40822907014308fda870d64bb36f975f30f0736972c82c436b1f469778

    • SHA512

      7490805cbda38f787863565f422ee2cecac39aafad6648848c3f919b50a4dc88c94906995822e0626e40a5513c5c0bc73cc9bb6bb9b485b3a4797560eb76fbf4

    • SSDEEP

      98304:aagWbdPga9b2GsMes0GUey4KWGLM9buEKaCpJUmgUvmQ+ONg4EJ:aago99bphutvpj5YOZ2

    Score
    1/10

    • Target

      Mozilla Firefox/gmp-clearkey/0.1/clearkey.dll

    • Size

      103KB

    • MD5

      9b826e7d081e97859cb1356e7c7281d6

    • SHA1

      7a32d1dadca5315b9ec542ac81d9e50b6b6530f2

    • SHA256

      232173ff106a8ae242af780d6d9f3909a604b7ab32973b6128d340ce070fc128

    • SHA512

      79b9a1348ee2420d768d746be971e6cc055f7b6054b65e2ddd865c90b243db5ec743db0db10f8a23eed9d78bb8403ce6bfaf6f6bb740b73f613360cf72f4000f

    • SSDEEP

      1536:890zl7NrZHLjJRluQRk+/SabVx9lGShaYknRkWLnh+99CPccdH734b7gMx:890J7Nr5E4x9aYkuWLh+99CPlJ734bRx

    Score
    1/10

    • Target

      Mozilla Firefox/ipcclientcerts.dll

    • Size

      207KB

    • MD5

      77139d276522ca4eb8cb7cf1045e4cc3

    • SHA1

      d57380630462043baf422940f85c5a59758f5403

    • SHA256

      9713843b6d89baa4641ca7dd9e79135efab29d49ce6913d645bfbeafce8e35f5

    • SHA512

      7dcd525f067e63025f1fefd0fc20387a74a3e40c11d719f4adb907c77af8a221d40d2141ddbfd585ca2223ddcfaa21db8fa0ba15e83727c90580e8f1dc667804

    • SSDEEP

      3072:N25QMggcYQdWQdlO52W7PAti0s1T0mRVob/KOlzRBM2TX3xs:NbMggcYQoQ3c0i0Q0mbePxRBM22

    Score
    1/10

    • Target

      Mozilla Firefox/lgpllibs.dll

    • Size

      153KB

    • MD5

      401eb7bba880391adbcf7b0afb011c0e

    • SHA1

      f2486d75bf109c7cb282742a9325d85736982390

    • SHA256

      f08d3b747caeea357be4b15d95a8611565ce0a6bf0feae3368500d18eef99aa3

    • SHA512

      68b4164a42b3feead05d8aac5029f1ed90b8b98ce36aabc73759d120864ebc5a4276d934ec8e81cce5b6e0ef2406f803cfce4cc2be2d498092b2b6a67f9a0cbd

    • SSDEEP

      3072:wY8rVSYZ3QC5upXTeWjg4hD0cNUlKjDMdDtieRtLITjQ6zWgkXSnTxWoR9w5Q9:6rVSYZ3cpD7g7CUMjDyNtMTjQ6zWgkXM

    Score
    1/10

    • Target

      Mozilla Firefox/libEGL.dll

    • Size

      47KB

    • MD5

      f5a6241840226aa70ea9c670747401c6

    • SHA1

      50374fcb3b319df3b55a45d8b4992560ba13043d

    • SHA256

      2b9d08662e34f5d5121492d5dead6668feb6f729369a4f9635657b3da845cd5a

    • SHA512

      de6cdf0c9c161acd958346455cbbc300ade1b5ba96ec5dd05817b269a2a08f8ac17578b63b956dda8bf79ba7e1516091587db3bc55a4dcd9a92df4915fad4a20

    • SSDEEP

      768:Tb7b/CPiM+0eWm+xDJk2rk2MadMs8Yi2NEGs:Tb//C6MMWTxDJk2rk29dMV7gs

    Score
    1/10

    • Target

      Mozilla Firefox/libGLESv2.dll

    • Size

      4.8MB

    • MD5

      bc4e256d3c6115bfaab4d0d953f108b1

    • SHA1

      ea6df86acf060a9a99b1a99ffecfa56afe6ea8ce

    • SHA256

      5abba83a58c838e3e6d28debae466d58d4447aef7a14ad88402f91c3caae6a08

    • SHA512

      031171b2612534ee4c949c68417a1a45b7d8948ecabf887e3bad42730f36271a156f80af8333efbc7dcba33fecd30159cb88c20c3e143146cdf31518b6f83cdd

    • SSDEEP

      49152:dlL+tHrdLf9Hw4SwDv9QCdeObQHTIUfKsRkaW87mon1eG10hxpjQFiCmUahq/OZb:gfCNQbwRCox0hn3

    Score
    1/10

    • Target

      Mozilla Firefox/maintenanceservice.exe

    • Size

      272KB

    • MD5

      933b72d5ab4d0a2e3e3cf71efecb4546

    • SHA1

      60d20d0b9e7d466bfe72d2c3a57c7029e40ed1f0

    • SHA256

      3a37547504b85862bcb6460dd346eb34473d92e3a159889ba4d9f77f75d22005

    • SHA512

      3db6fac8d5b9d197b0c36542769d8f8903ea76b580e81ec760ae9723dcbc5f1a14bbe908193b148a6154b5cf3737d5fc61b671a66cbef63b9dd789e3bc31da3c

    • SSDEEP

      6144:HbATIkGVhU/9/OYIb5iA1WYwldzJ4sfJCPc:UIkGVhMmYC1WYC8cWc

    Score
    1/10

    • Target

      Mozilla Firefox/maintenanceservice_installer.exe

    • Size

      184KB

    • MD5

      375fa830b43d7eaf2ac453417028b07a

    • SHA1

      c9c3e3748de7157ff2be480511ddb76fa3b9cf60

    • SHA256

      a98f5c087a8c7fffc7e7de8c579d68008f343493e25338767b1f7e4296e62d85

    • SHA512

      0f0b7bcab6695ef5ab3ae105020e0fd7392f6865b1bd64f9296550448db144c4f276b9fbd61ee4f417e7e377cb7b2272d3613310acef311dbca2c6266378a882

    • SSDEEP

      3072:sNRCywDw1DiJkuKUNRD5bdb4g2Lem7y6tuU/RDObU7y4jem7y6tJS:sT4DteUjD514Z9oU5DOY7y4j9O

    Score
    4/10

    • Target

      Mozilla Firefox/mozwer.dll

    • Size

      322KB

    • MD5

      4775440d49288b74ca62248c5ddd2688

    • SHA1

      76aa7ec42dacd43d0716548b0f69f60be403cbe8

    • SHA256

      0514472e490a5740f81c2ac139aef021231f8257ae608c6c8cc68b840e66faa4

    • SHA512

      74f53d79716ebecb3974a373e13d850b1c736bcac38a160d83359d1c8012e0c36fc9cbb179359fd8cf0351b663d354b8568bc71d2653fd1bc0694f0020862fa2

    • SSDEEP

      6144:IIsMVcLwsxNIH5itpk+ItF/zSRiyou/88z3PU52N:If48IZitpirbSRiyN8w38E

    Score
    1/10

    • Target

      Mozilla Firefox/msvcp140.dll

    • Size

      559KB

    • MD5

      c3d497b0afef4bd7e09c7559e1c75b05

    • SHA1

      295998a6455cc230da9517408f59569ea4ed7b02

    • SHA256

      1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98

    • SHA512

      d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386

    • SSDEEP

      12288:mPeu+VwM4PRpJOc8hdGE0bphVSvefIJQEKZm+jWodEEVwDaM:sqwpzSFJQEKZm+jWodEEq9

    Score
    1/10

    • Target

      Mozilla Firefox/nmhproxy.exe

    • Size

      564KB

    • MD5

      31c478626c28e7811152d4020e495d95

    • SHA1

      5d83606c1afa3fd344833d5a618d675ef60e398b

    • SHA256

      2a4f1cff9391849d0b3f9fc1d87cd7895357a55f1042f8bf8d039d7633e30c51

    • SHA512

      6fb2a3f5d916d4a9baddaee86df9163cc77379d68119df2b1bd4d8c47388fda20d497c2c7286f1d7d04472adac96a77318dad6d990ce442e8da3d315bb87376e

    • SSDEEP

      6144:/QsNG3Nc0l2sN3yVY+lHEiE5BKcC0E1mc9Puv9Ib3o3/PA7hAMK:/QWG3NCkGxE2sImEPuv9R/P06MK

    Score
    1/10

    • Target

      Mozilla Firefox/notificationserver.dll

    • Size

      60KB

    • MD5

      374671ccb4774aef119358e24b42d29c

    • SHA1

      a7fc4b2498c1d6a57f92ccb6e8ed96336263e1a5

    • SHA256

      8fd24766af68ff4b20acfb91cac2ebbcd4ef5d1a2a9be51457b721e47bcb67e4

    • SHA512

      f72f2be4c23ea5782a2e7d34e446e2f2c570e06ddcb68965f246fd7c942566e642956f6dbed168f51bae55456fdf4cf52f17ae8a4598d034a05333e727ef5463

    • SSDEEP

      768:pXEcw9jyM4IP2Oqwcx/TSzVb94zJt4+tuk1UjSwm9gI8l8Yi2NEG53Q:pXEN4O2nworgHQJ9tRa3meI8m7g+

    Score
    1/10

    • Target

      Mozilla Firefox/nss3.dll

    • Size

      2.6MB

    • MD5

      94294f1648e6f0954de3a956732adafe

    • SHA1

      cf0b3928395948f4b9e6f67b5b6f55873399d152

    • SHA256

      9b1b5e5a2a1e78826f8b7d1fe6c3c41365c2f00b72132c83bc03fdff8c797455

    • SHA512

      d54102ab9905d16c30b6f03dd584998ece77dec5f87bfa43dc31f874490499d4546498579b1aced8f201a6d9fbc1c56620cf6d35c41535ef8c79fc6165c5c80c

    • SSDEEP

      49152:Zk6tp8IkHmFb9KSqTx2UJPc9Bufp6PBTvtRzGuF0/ds4fTc4PRiTLvlAbEuBKPSJ:b46R6T4UePBTFRSuOlTccQvlAwPndw+a

    Score
    1/10

    • Target

      Mozilla Firefox/nssckbi.dll

    • Size

      372KB

    • MD5

      57eb39c932219c5d9f4af4b67a0d53b8

    • SHA1

      4e6d7383397ddcb48ec8148c989cad60c7696674

    • SHA256

      633856bfab5401523cffe653fb20f3c78c7462f002ba237e5dcbebbfe9dc36c0

    • SHA512

      53bf7c3fb6d68f62f649bd8469068fd4030f936551fd9f74ac3a25614ae028ea8bdec08c832f5c8c5f5bac81b064d9bfead53e741939c0884062c1f569b3d169

    • SSDEEP

      6144:3M1O98ckbKsSxJ8U2pViGJ243x208cGLbTS6tppcmoK6MQ297HZKMdC:3Ag8dSJ8Um24h2DvLxtpp6EQ215Kv

    Score
    1/10

    • Target

      Mozilla Firefox/osclientcerts.dll

    • Size

      357KB

    • MD5

      289ee8ce164f1e2f91000a54f70bca17

    • SHA1

      ba8d53656e91a5c71d38bd8a36486f4d56bc6486

    • SHA256

      fe05208558e65192c5df8dd503d7164cb0ddd9bb093a21ceb62aa7c27048281d

    • SHA512

      86f047e3ef2d3f4f723f9646228ef95a100e76ba076474eb1a0a805ab3b507c76f143b8dae6e40db6391983a7f554d9b2082b3a821b98e28b821f52c7ffb3b3e

    • SSDEEP

      6144:CfYb/AoYv6cV2Y8lSYKZTfmrfjewRdYyO8Amxa05q8DEOr:L/597KZTe3bRiyOtt8DES

    Score
    1/10

    • Target

      Mozilla Firefox/pingsender.exe

    • Size

      79KB

    • MD5

      5879f47cd26ed028de23b592b76602f3

    • SHA1

      e90af476632f83446f343b1f0382b01263985534

    • SHA256

      a101093bc59c761293108363a90386b5cf3c2b1ffc555c7ecb474d5ec1db32a7

    • SHA512

      6961b21f012b6fcd9d402d8f473416a6f4a5de4c996ccfc53362e38dd2ecf29f6a0afaff75af36f1ee016bac8735a716e3aa7e5050ac2306f22f8bf752914840

    • SSDEEP

      1536:lUlDeeULF7APuHmWr9lTbP0HgLOlCRn6dhaORp7gfE:lUseeAPwmWZl6k9h2aORpME

    Score
    3/10

    • Target

      Mozilla Firefox/plugin-container.exe

    • Size

      138KB

    • MD5

      ef58f72dd4880de7fce9cf63d55b3355

    • SHA1

      e3f07d3eb6dacf17a7b99f365e6b11498d9298a0

    • SHA256

      0a55510ec619f418c0515d7de81f4660aac8ee19cf1fb20961cbc7d7d5ba3191

    • SHA512

      23d31119838cd60d07a25d0fe5be3f7361e9802f95a1c3d98498a795faafc370e4b2a8c61102075f802958841e0ae9c0936946989006f458f46ac57e1df8d0d5

    • SSDEEP

      3072:YnHt1tRQN2qX4q1O78EPSV0ywPHRpX/k5292Ly0eK53z:YNPSTO7I0yUX30NB

    Score
    1/10

    • Target

      Mozilla Firefox/private_browsing.exe

    • Size

      64KB

    • MD5

      b5f242e6303e5e1474e68afce1898afe

    • SHA1

      93ff527599c396e33bd4acf5854188b6afde9b60

    • SHA256

      808b3c732efcedd04342dd4835c9f2883e1d0da8d0eb9f09e103963ff7357490

    • SHA512

      dda0c03ee4288c734bd6ca28b2471d30b76cd6a4dce1c3ece0a0467867639a11ecb7f029251e3869c6410188b00d627d6e9c5027c22dd3246bcf9ab60ec5030c

    • SSDEEP

      768:PbvIiBzJBlK6Ks8ecEr5DWrXSHaJf8qffCPD2FliAut8Uavcdr8Yi2NEGn:TvIgzJ/aLs5DWrC6JEqnCr2jEYEw7gn

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

static1

blankgrabber
Score
10/10

behavioral1

persistence, privilege_escalation
Score
5/10

behavioral2

execution
Score
3/10

behavioral3

execution
Score
3/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

upx
Score
7/10

behavioral10

collection, credential_access, defense_evasion, discovery, execution, persistence, privilege_escalation, spyware, stealer, upx
Score
8/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

discovery
Score
4/10

behavioral20

discovery
Score
4/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

discovery
Score
3/10

behavioral31

Score
1/10

behavioral32

collection, credential_access, defense_evasion, discovery, execution, persistence, privilege_escalation, spyware, stealer, upx
Score
8/10