Overview (overview): score 10
Static (static): score 10
Mozilla Fi...al.dll (windows10-2004-x64): score 5
Mozilla Fi...org.js (windows7-x64): score 3
Mozilla Fi...org.js (windows10-2004-x64): score 3
Mozilla Fi...er.exe (windows7-x64): score 1
Mozilla Fi...er.exe (windows10-2004-x64): score 1
Mozilla Fi...nt.exe (windows10-2004-x64): score 1
Mozilla Fi...efs.js (windows7-x64): score 3
Mozilla Fi...efs.js (windows10-2004-x64): score 3
Mozilla Fi...ox.exe (windows7-x64): score 7
Mozilla Fi...ox.exe (windows10-2004-x64): score 8
Mozilla Fi...l3.dll (windows10-2004-x64): score 1
Mozilla Fi...cs.dll (windows10-2004-x64): score 1
Mozilla Fi...ey.dll (windows10-2004-x64): score 1
Mozilla Fi...ts.dll (windows10-2004-x64): score 1
Mozilla Fi...bs.dll (windows10-2004-x64): score 1
Mozilla Fi...GL.dll (windows10-2004-x64): score 1
Mozilla Fi...v2.dll (windows10-2004-x64): score 1
Mozilla Fi...ce.exe (windows10-2004-x64): score 1
Mozilla Fi...er.exe (windows7-x64): score 4
Mozilla Fi...er.exe (windows10-2004-x64): score 4
Mozilla Fi...er.dll (windows10-2004-x64): score 1
Mozilla Fi...40.dll (windows7-x64): score 1
Mozilla Fi...40.dll (windows10-2004-x64): score 1
Mozilla Fi...xy.exe (windows7-x64): score 1
Mozilla Fi...xy.exe (windows10-2004-x64): score 1
Mozilla Fi...er.dll (windows10-2004-x64): score 1
Mozilla Fi...s3.dll (windows10-2004-x64): score 1
Mozilla Fi...bi.dll (windows10-2004-x64): score 1
Mozilla Fi...ts.dll (windows10-2004-x64): score 1
Mozilla Fi...er.exe (windows10-2004-x64): score 3
Mozilla Fi...er.exe (windows10-2004-x64): score 1
Mozilla Fi...ng.exe (windows10-2004-x64): score 8
General
-
Target
Mozilla Firefox.zip
-
Size
104.9MB
-
Sample
250108-a87y7swqfy
-
MD5
652262cea813d8125fc12fdd6ac4afd1
-
SHA1
875109352bfda6dbaac4f8e8076dbd8ee849637b
-
SHA256
656eb4d10487e855a11b88e487b887e88f8d3540f14c6a08869e83f8c2d5e13f
-
SHA512
ff9d9d65b4daf8bb7bc0de19062b9f0dd4384459e8cf48c3eac3c6f13857289076d5d0da92eda566e0971129228d366ecff5bcbd4e916e66fa2ef1fa40b5ecc5
-
SSDEEP
3145728:yc056vnwWDJcI9W6Mnm+pdLF4E/7qNBmss0uTKg:ycq6vnrlnWxNqd42uZ
Behavioral task
behavioral1
Sample
Mozilla Firefox/AccessibleMarshal.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
Mozilla Firefox/browser/features/[email protected]
Resource
win7-20240903-en
Behavioral task
behavioral3
Sample
Mozilla Firefox/browser/features/[email protected]
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
Mozilla Firefox/crashreporter.exe
Resource
win7-20240729-en
Behavioral task
behavioral5
Sample
Mozilla Firefox/crashreporter.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral6
Sample
Mozilla Firefox/default-browser-agent.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Mozilla Firefox/defaults/pref/channel-prefs.js
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
Mozilla Firefox/defaults/pref/channel-prefs.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Mozilla Firefox/firefox.exe
Resource
win7-20241023-en
Behavioral task
behavioral10
Sample
Mozilla Firefox/firefox.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
Mozilla Firefox/freebl3.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral12
Sample
Mozilla Firefox/gkcodecs.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
Mozilla Firefox/gmp-clearkey/0.1/clearkey.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral14
Sample
Mozilla Firefox/ipcclientcerts.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
Mozilla Firefox/lgpllibs.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
Mozilla Firefox/libEGL.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
Mozilla Firefox/libGLESv2.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral18
Sample
Mozilla Firefox/maintenanceservice.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
Mozilla Firefox/maintenanceservice_installer.exe
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
Mozilla Firefox/maintenanceservice_installer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
Mozilla Firefox/mozwer.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral22
Sample
Mozilla Firefox/msvcp140.dll
Resource
win7-20240903-en
Behavioral task
behavioral23
Sample
Mozilla Firefox/msvcp140.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral24
Sample
Mozilla Firefox/nmhproxy.exe
Resource
win7-20241010-en
Behavioral task
behavioral25
Sample
Mozilla Firefox/nmhproxy.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral26
Sample
Mozilla Firefox/notificationserver.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
Mozilla Firefox/nss3.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral28
Sample
Mozilla Firefox/nssckbi.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
Mozilla Firefox/osclientcerts.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral30
Sample
Mozilla Firefox/pingsender.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
Mozilla Firefox/plugin-container.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral32
Sample
Mozilla Firefox/private_browsing.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Mozilla Firefox/AccessibleMarshal.dll
-
Size
31KB
-
MD5
fcdb5689943013c5409885e37cba4737
-
SHA1
c12ca81adf8343571aceb399d725790d124df88a
-
SHA256
c26c7cc9a9bfc874e6f1199497f6cde22d587464d80f66b4ff8d84ef47f7d44f
-
SHA512
3d0c1ffa00909dce56c7d634d1c5ce48490dd9ff689c5dfede984065a79c5f9d942e26e15f35c1060a55810d07a7f3200c305b24cc939b785d0417d92f625ee6
-
SSDEEP
384:IGz3JfaZbhaO1aOS/viqmGeUMc25dYj3ph2UtLIYiaxe8E9VF0NyxSJIVmp0pD:f3JfaZbhaManvbmGeq2gTr8Yi2NEGY
Score
5/10
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
Mozilla Firefox/browser/features/[email protected]
-
Size
448KB
-
MD5
faef700dfbfa31ebe833627b5dd04d2a
-
SHA1
a593a9f3851cb3dece608172299634f63e742028
-
SHA256
ebb9e4d6232eb6451ecf3fcb140bd94b415bec0f4b416fa16ee5695fe2f2151a
-
SHA512
63ff6ea7e71276676d736d884b0e31ec200e592c77dbf18ac3114959bb77389054a48c1050624f1c8a4e7b4abe74565c7c7716fb463f0a953c25599caeaeb142
-
SSDEEP
3072:y7bV/ihk+/W0RLL8UHKHgWmPm1dFrgcnMf2XoJ3sHZ1Dpa1x:y4/HLAUHKgnPm1dFrgIID3s/paL
Score
3/10
-
-
Target
Mozilla Firefox/crashreporter.exe
-
Size
3.4MB
-
MD5
4a47088c6ea24e485140b65f8ff3a800
-
SHA1
e29da6dcd0bfd1021993eec9be0c5a0a25a56fd9
-
SHA256
7e6a2061238a6b39ee36db89604b2ca2b73e6b5489d10ff1157e39141bb87797
-
SHA512
992cdb90231276a90170b180d692d17576282965c99e3fc89a480594d7068bfee0e62a4c672126677fef40cceefabb4f5baa990b2d8fb46b92559ce6e7be3fca
-
SSDEEP
49152:NMVov78Xkr4NXFf/3PPA/iBb/3mr1NVfBn+HRTXlVLhmmixHg:6VHj/KaufZ+RrXLhmJK
Score
1/10
-
-
Target
Mozilla Firefox/default-browser-agent.exe
-
Size
33KB
-
MD5
957b376311b114608465e157c114d49b
-
SHA1
941562607f6a05b01ad0c54c669d0b111dea5df5
-
SHA256
d5c6bd4ad0832e3cbc33842ea3741c2fa62d3eee5d40cbbda075dea50cfe5174
-
SHA512
e2018b5c8934efb960cb1ea3e72bf6abbe369d8e45131c2422ae5a2807f569a229e3db11e493a4a658d7857c40680c0fb0c75652d32f8c738f212da9808e106a
-
SSDEEP
384:KYzBnIs6+VqEDZZgzUlGKQ5u5sbOKJTFt5kOy2gMO2B02UtLIYiaxe8E9VF0NyxI:zzOsrsrKQYa3BFI/18Yi2NEGJ/
Score
1/10
-
-
Target
Mozilla Firefox/defaults/pref/channel-prefs.js
-
Size
429B
-
MD5
3d84d108d421f30fb3c5ef2536d2a3eb
-
SHA1
0f3b02737462227a9b9e471f075357c9112f0a68
-
SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b
-
SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5
Score
3/10
-
-
Target
Mozilla Firefox/firefox.exe
-
Size
7.7MB
-
MD5
fb6cfadcb6f8c942d0e08e3132e2d4b4
-
SHA1
f2f1c3c305b38dc820da77ef1bc744df7b96f6be
-
SHA256
4309afefeaff92ac85c54b6940b62c9ec342909eb45263520f053bff28c7217a
-
SHA512
22292be72b3251aadd91a103d15dd1e1ab119d82decabbd3fa7cf9dda359b9ad3e99727d678892e35805b88bed11766d68268ffc22b5ff259f6ad2e8cd0f561b
-
SSDEEP
196608:fDD+kdTwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWF:r5+IHL7HmBYXrYoaUNq
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
-
-
Target
Mozilla Firefox/freebl3.dll
-
Size
1006KB
-
MD5
a778f7c0c81ce2cc50606b3a4f38341f
-
SHA1
2519300e36b067cd1f33643ca080b41ce93acd19
-
SHA256
fb228c3b23eef48589db407066b9e868500c8a8008ee5927e936ce4035d53c6a
-
SHA512
dcd5eb8e7f221df5c9857964368a8bb9dfbacd6008c864b780c49f5a38c51226cb13b6e3b40ab8103cb2dad594f65fe5bec28edb9ca3326cc0676774d02d4aa1
-
SSDEEP
24576:NPtw9ZYXnCaRZOAKa6GMPgXMwJK8MQgBKVkLu9+hU4:NPu9ZYXnNR8GM2nwBKVkL3l
Score
1/10
-
-
Target
Mozilla Firefox/gkcodecs.dll
-
Size
9.1MB
-
MD5
f254c7b210119b9598aaa3936c665afc
-
SHA1
2ee33229143a07db083c4d36fd01c50e728548ec
-
SHA256
08d93e40822907014308fda870d64bb36f975f30f0736972c82c436b1f469778
-
SHA512
7490805cbda38f787863565f422ee2cecac39aafad6648848c3f919b50a4dc88c94906995822e0626e40a5513c5c0bc73cc9bb6bb9b485b3a4797560eb76fbf4
-
SSDEEP
98304:aagWbdPga9b2GsMes0GUey4KWGLM9buEKaCpJUmgUvmQ+ONg4EJ:aago99bphutvpj5YOZ2
Score
1/10
-
-
Target
Mozilla Firefox/gmp-clearkey/0.1/clearkey.dll
-
Size
103KB
-
MD5
9b826e7d081e97859cb1356e7c7281d6
-
SHA1
7a32d1dadca5315b9ec542ac81d9e50b6b6530f2
-
SHA256
232173ff106a8ae242af780d6d9f3909a604b7ab32973b6128d340ce070fc128
-
SHA512
79b9a1348ee2420d768d746be971e6cc055f7b6054b65e2ddd865c90b243db5ec743db0db10f8a23eed9d78bb8403ce6bfaf6f6bb740b73f613360cf72f4000f
-
SSDEEP
1536:890zl7NrZHLjJRluQRk+/SabVx9lGShaYknRkWLnh+99CPccdH734b7gMx:890J7Nr5E4x9aYkuWLh+99CPlJ734bRx
Score
1/10
-
-
Target
Mozilla Firefox/ipcclientcerts.dll
-
Size
207KB
-
MD5
77139d276522ca4eb8cb7cf1045e4cc3
-
SHA1
d57380630462043baf422940f85c5a59758f5403
-
SHA256
9713843b6d89baa4641ca7dd9e79135efab29d49ce6913d645bfbeafce8e35f5
-
SHA512
7dcd525f067e63025f1fefd0fc20387a74a3e40c11d719f4adb907c77af8a221d40d2141ddbfd585ca2223ddcfaa21db8fa0ba15e83727c90580e8f1dc667804
-
SSDEEP
3072:N25QMggcYQdWQdlO52W7PAti0s1T0mRVob/KOlzRBM2TX3xs:NbMggcYQoQ3c0i0Q0mbePxRBM22
Score
1/10
-
-
Target
Mozilla Firefox/lgpllibs.dll
-
Size
153KB
-
MD5
401eb7bba880391adbcf7b0afb011c0e
-
SHA1
f2486d75bf109c7cb282742a9325d85736982390
-
SHA256
f08d3b747caeea357be4b15d95a8611565ce0a6bf0feae3368500d18eef99aa3
-
SHA512
68b4164a42b3feead05d8aac5029f1ed90b8b98ce36aabc73759d120864ebc5a4276d934ec8e81cce5b6e0ef2406f803cfce4cc2be2d498092b2b6a67f9a0cbd
-
SSDEEP
3072:wY8rVSYZ3QC5upXTeWjg4hD0cNUlKjDMdDtieRtLITjQ6zWgkXSnTxWoR9w5Q9:6rVSYZ3cpD7g7CUMjDyNtMTjQ6zWgkXM
Score
1/10
-
-
Target
Mozilla Firefox/libEGL.dll
-
Size
47KB
-
MD5
f5a6241840226aa70ea9c670747401c6
-
SHA1
50374fcb3b319df3b55a45d8b4992560ba13043d
-
SHA256
2b9d08662e34f5d5121492d5dead6668feb6f729369a4f9635657b3da845cd5a
-
SHA512
de6cdf0c9c161acd958346455cbbc300ade1b5ba96ec5dd05817b269a2a08f8ac17578b63b956dda8bf79ba7e1516091587db3bc55a4dcd9a92df4915fad4a20
-
SSDEEP
768:Tb7b/CPiM+0eWm+xDJk2rk2MadMs8Yi2NEGs:Tb//C6MMWTxDJk2rk29dMV7gs
Score
1/10
-
-
Target
Mozilla Firefox/libGLESv2.dll
-
Size
4.8MB
-
MD5
bc4e256d3c6115bfaab4d0d953f108b1
-
SHA1
ea6df86acf060a9a99b1a99ffecfa56afe6ea8ce
-
SHA256
5abba83a58c838e3e6d28debae466d58d4447aef7a14ad88402f91c3caae6a08
-
SHA512
031171b2612534ee4c949c68417a1a45b7d8948ecabf887e3bad42730f36271a156f80af8333efbc7dcba33fecd30159cb88c20c3e143146cdf31518b6f83cdd
-
SSDEEP
49152:dlL+tHrdLf9Hw4SwDv9QCdeObQHTIUfKsRkaW87mon1eG10hxpjQFiCmUahq/OZb:gfCNQbwRCox0hn3
Score
1/10
-
-
Target
Mozilla Firefox/maintenanceservice.exe
-
Size
272KB
-
MD5
933b72d5ab4d0a2e3e3cf71efecb4546
-
SHA1
60d20d0b9e7d466bfe72d2c3a57c7029e40ed1f0
-
SHA256
3a37547504b85862bcb6460dd346eb34473d92e3a159889ba4d9f77f75d22005
-
SHA512
3db6fac8d5b9d197b0c36542769d8f8903ea76b580e81ec760ae9723dcbc5f1a14bbe908193b148a6154b5cf3737d5fc61b671a66cbef63b9dd789e3bc31da3c
-
SSDEEP
6144:HbATIkGVhU/9/OYIb5iA1WYwldzJ4sfJCPc:UIkGVhMmYC1WYC8cWc
Score
1/10
-
-
Target
Mozilla Firefox/maintenanceservice_installer.exe
-
Size
184KB
-
MD5
375fa830b43d7eaf2ac453417028b07a
-
SHA1
c9c3e3748de7157ff2be480511ddb76fa3b9cf60
-
SHA256
a98f5c087a8c7fffc7e7de8c579d68008f343493e25338767b1f7e4296e62d85
-
SHA512
0f0b7bcab6695ef5ab3ae105020e0fd7392f6865b1bd64f9296550448db144c4f276b9fbd61ee4f417e7e377cb7b2272d3613310acef311dbca2c6266378a882
-
SSDEEP
3072:sNRCywDw1DiJkuKUNRD5bdb4g2Lem7y6tuU/RDObU7y4jem7y6tJS:sT4DteUjD514Z9oU5DOY7y4j9O
Score
4/10
-
-
Target
Mozilla Firefox/mozwer.dll
-
Size
322KB
-
MD5
4775440d49288b74ca62248c5ddd2688
-
SHA1
76aa7ec42dacd43d0716548b0f69f60be403cbe8
-
SHA256
0514472e490a5740f81c2ac139aef021231f8257ae608c6c8cc68b840e66faa4
-
SHA512
74f53d79716ebecb3974a373e13d850b1c736bcac38a160d83359d1c8012e0c36fc9cbb179359fd8cf0351b663d354b8568bc71d2653fd1bc0694f0020862fa2
-
SSDEEP
6144:IIsMVcLwsxNIH5itpk+ItF/zSRiyou/88z3PU52N:If48IZitpirbSRiyN8w38E
Score
1/10
-
-
Target
Mozilla Firefox/msvcp140.dll
-
Size
559KB
-
MD5
c3d497b0afef4bd7e09c7559e1c75b05
-
SHA1
295998a6455cc230da9517408f59569ea4ed7b02
-
SHA256
1e57a6df9e3742e31a1c6d9bff81ebeeae8a7de3b45a26e5079d5e1cce54cd98
-
SHA512
d5c62fdac7c5ee6b2f84b9bc446d5b10ad1a019e29c653cfdea4d13d01072fdf8da6005ad4817044a86bc664d1644b98a86f31c151a3418be53eb47c1cfae386
-
SSDEEP
12288:mPeu+VwM4PRpJOc8hdGE0bphVSvefIJQEKZm+jWodEEVwDaM:sqwpzSFJQEKZm+jWodEEq9
Score
1/10
-
-
Target
Mozilla Firefox/nmhproxy.exe
-
Size
564KB
-
MD5
31c478626c28e7811152d4020e495d95
-
SHA1
5d83606c1afa3fd344833d5a618d675ef60e398b
-
SHA256
2a4f1cff9391849d0b3f9fc1d87cd7895357a55f1042f8bf8d039d7633e30c51
-
SHA512
6fb2a3f5d916d4a9baddaee86df9163cc77379d68119df2b1bd4d8c47388fda20d497c2c7286f1d7d04472adac96a77318dad6d990ce442e8da3d315bb87376e
-
SSDEEP
6144:/QsNG3Nc0l2sN3yVY+lHEiE5BKcC0E1mc9Puv9Ib3o3/PA7hAMK:/QWG3NCkGxE2sImEPuv9R/P06MK
Score
1/10
-
-
Target
Mozilla Firefox/notificationserver.dll
-
Size
60KB
-
MD5
374671ccb4774aef119358e24b42d29c
-
SHA1
a7fc4b2498c1d6a57f92ccb6e8ed96336263e1a5
-
SHA256
8fd24766af68ff4b20acfb91cac2ebbcd4ef5d1a2a9be51457b721e47bcb67e4
-
SHA512
f72f2be4c23ea5782a2e7d34e446e2f2c570e06ddcb68965f246fd7c942566e642956f6dbed168f51bae55456fdf4cf52f17ae8a4598d034a05333e727ef5463
-
SSDEEP
768:pXEcw9jyM4IP2Oqwcx/TSzVb94zJt4+tuk1UjSwm9gI8l8Yi2NEG53Q:pXEN4O2nworgHQJ9tRa3meI8m7g+
Score
1/10
-
-
Target
Mozilla Firefox/nss3.dll
-
Size
2.6MB
-
MD5
94294f1648e6f0954de3a956732adafe
-
SHA1
cf0b3928395948f4b9e6f67b5b6f55873399d152
-
SHA256
9b1b5e5a2a1e78826f8b7d1fe6c3c41365c2f00b72132c83bc03fdff8c797455
-
SHA512
d54102ab9905d16c30b6f03dd584998ece77dec5f87bfa43dc31f874490499d4546498579b1aced8f201a6d9fbc1c56620cf6d35c41535ef8c79fc6165c5c80c
-
SSDEEP
49152:Zk6tp8IkHmFb9KSqTx2UJPc9Bufp6PBTvtRzGuF0/ds4fTc4PRiTLvlAbEuBKPSJ:b46R6T4UePBTFRSuOlTccQvlAwPndw+a
Score
1/10
-
-
Target
Mozilla Firefox/nssckbi.dll
-
Size
372KB
-
MD5
57eb39c932219c5d9f4af4b67a0d53b8
-
SHA1
4e6d7383397ddcb48ec8148c989cad60c7696674
-
SHA256
633856bfab5401523cffe653fb20f3c78c7462f002ba237e5dcbebbfe9dc36c0
-
SHA512
53bf7c3fb6d68f62f649bd8469068fd4030f936551fd9f74ac3a25614ae028ea8bdec08c832f5c8c5f5bac81b064d9bfead53e741939c0884062c1f569b3d169
-
SSDEEP
6144:3M1O98ckbKsSxJ8U2pViGJ243x208cGLbTS6tppcmoK6MQ297HZKMdC:3Ag8dSJ8Um24h2DvLxtpp6EQ215Kv
Score
1/10
-
-
Target
Mozilla Firefox/osclientcerts.dll
-
Size
357KB
-
MD5
289ee8ce164f1e2f91000a54f70bca17
-
SHA1
ba8d53656e91a5c71d38bd8a36486f4d56bc6486
-
SHA256
fe05208558e65192c5df8dd503d7164cb0ddd9bb093a21ceb62aa7c27048281d
-
SHA512
86f047e3ef2d3f4f723f9646228ef95a100e76ba076474eb1a0a805ab3b507c76f143b8dae6e40db6391983a7f554d9b2082b3a821b98e28b821f52c7ffb3b3e
-
SSDEEP
6144:CfYb/AoYv6cV2Y8lSYKZTfmrfjewRdYyO8Amxa05q8DEOr:L/597KZTe3bRiyOtt8DES
Score
1/10
-
-
Target
Mozilla Firefox/pingsender.exe
-
Size
79KB
-
MD5
5879f47cd26ed028de23b592b76602f3
-
SHA1
e90af476632f83446f343b1f0382b01263985534
-
SHA256
a101093bc59c761293108363a90386b5cf3c2b1ffc555c7ecb474d5ec1db32a7
-
SHA512
6961b21f012b6fcd9d402d8f473416a6f4a5de4c996ccfc53362e38dd2ecf29f6a0afaff75af36f1ee016bac8735a716e3aa7e5050ac2306f22f8bf752914840
-
SSDEEP
1536:lUlDeeULF7APuHmWr9lTbP0HgLOlCRn6dhaORp7gfE:lUseeAPwmWZl6k9h2aORpME
Score
3/10
-
-
Target
Mozilla Firefox/plugin-container.exe
-
Size
138KB
-
MD5
ef58f72dd4880de7fce9cf63d55b3355
-
SHA1
e3f07d3eb6dacf17a7b99f365e6b11498d9298a0
-
SHA256
0a55510ec619f418c0515d7de81f4660aac8ee19cf1fb20961cbc7d7d5ba3191
-
SHA512
23d31119838cd60d07a25d0fe5be3f7361e9802f95a1c3d98498a795faafc370e4b2a8c61102075f802958841e0ae9c0936946989006f458f46ac57e1df8d0d5
-
SSDEEP
3072:YnHt1tRQN2qX4q1O78EPSV0ywPHRpX/k5292Ly0eK53z:YNPSTO7I0yUX30NB
Score
1/10
-
-
Target
Mozilla Firefox/private_browsing.exe
-
Size
64KB
-
MD5
b5f242e6303e5e1474e68afce1898afe
-
SHA1
93ff527599c396e33bd4acf5854188b6afde9b60
-
SHA256
808b3c732efcedd04342dd4835c9f2883e1d0da8d0eb9f09e103963ff7357490
-
SHA512
dda0c03ee4288c734bd6ca28b2471d30b76cd6a4dce1c3ece0a0467867639a11ecb7f029251e3869c6410188b00d627d6e9c5027c22dd3246bcf9ab60ec5030c
-
SSDEEP
768:PbvIiBzJBlK6Ks8ecEr5DWrXSHaJf8qffCPD2FliAut8Uavcdr8Yi2NEGn:TvIgzJ/aLs5DWrC6JEqnCr2jEYEw7gn
-
Command and Scripting Interpreter: PowerShell
Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution: 2
  Component Object Model Hijacking: 1
  Netsh Helper DLL: 1
Privilege Escalation
Event Triggered Execution: 2
  Component Object Model Hijacking: 1
  Netsh Helper DLL: 1
Defense Evasion
Hide Artifacts: 2
  Hidden Files and Directories: 2
Obfuscated Files or Information: 1
  Command Obfuscation: 1
Credential Access
Credentials from Password Stores: 1
  Credentials from Web Browsers: 1
Unsecured Credentials: 3
  Credentials In Files: 3
Discovery
Browser Information Discovery: 1
Process Discovery: 1
Query Registry: 1
System Information Discovery: 3
System Location Discovery: 1
  System Language Discovery: 1
System Network Configuration Discovery: 2
  Internet Connection Discovery: 1
  Wi-Fi Discovery: 1