General
-
Target
Built.exe
-
Size
7.4MB
-
Sample
250109-nnv1ssymfz
-
MD5
3933d764176a632df00b820bf7d13757
-
SHA1
ffbac0367e966d0b91d7a4c6881498d59bca2e47
-
SHA256
f726ebf07d6a0ca55098e09d99f19fde83aca6cd249a5d45c4e78fc3d5d150f8
-
SHA512
55afbda9a9c2eaa1f299350a2c6ddba0b9fc475e3ab79d39046897531607b7effb4c032adf259a46043b09192488805f660eede8c676d51e9c80c8c1970e941f
-
SSDEEP
98304:MpSi8TRnGurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EBKhOh112mJp:MwmurErvI9pWjgfPvzm6gsFE44frt
Malware Config
Targets
-
-
Target
Built.exe
-
Size
7.4MB
-
MD5
3933d764176a632df00b820bf7d13757
-
SHA1
ffbac0367e966d0b91d7a4c6881498d59bca2e47
-
SHA256
f726ebf07d6a0ca55098e09d99f19fde83aca6cd249a5d45c4e78fc3d5d150f8
-
SHA512
55afbda9a9c2eaa1f299350a2c6ddba0b9fc475e3ab79d39046897531607b7effb4c032adf259a46043b09192488805f660eede8c676d51e9c80c8c1970e941f
-
SSDEEP
98304:MpSi8TRnGurErvz81LpWjjUa50ZtPvYRt2e4GFNGjfzfbIbApJo4EBKhOh112mJp:MwmurErvI9pWjgfPvzm6gsFE44frt
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
�3�c&��.pyc
-
Size
1KB
-
MD5
e7cd588c86d26528c48c33caac052f8f
-
SHA1
b6f1f2c701ce78fa8381e39c1a944f120a5ef6fc
-
SHA256
6b51f743dd92db3e263557701cf33e588c06e9cbf6b61d7be155fa419406c27d
-
SHA512
033a20622db8f8c43e069d3457f6038ae4b2c4ad7bf64876e339e665d42a0b0c6b71987a691d136c5461ca1d08e43ea05c6c36f690ce8d7f6650ac9ad37819c7
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3