Resubmissions

09/01/2025, 16:57

250109-vgczzaxkep 9

09/01/2025, 16:54

250109-vez2qaxkck 9

General

  • Target

    Twist Spoofer V.2.rar

  • Size

    5.0MB

  • Sample

    250109-vez2qaxkck

  • MD5

    247fae93cf5dab2ca6c98e23851ec9e0

  • SHA1

    f0c9981de3f80b29773871e3027378418cbfa772

  • SHA256

    2bdd3f2687c741914ef795ea2d996fa7df6507fd612adff54f49b39b343b952e

  • SHA512

    29bbb670a36be11b2fabf1fd9f1cc97084e659ab1eb9bf33f2c770295b8501663c82693f02191579ff095da7c4b34b9279426a970e6aeb5fbce1e06e17e4d01c

  • SSDEEP

    98304:5ie4zzlge+Pms3RImAnvu+hOEj8VLlAukT+3uEnSP0TeSNHcw:5ulT+PjI9vJhOw8H1nS6evw

Malware Config

Targets

    • Target

      Twist Spoofer V.2.exe

    • Size

      2.9MB

    • MD5

      f2bb0da0031d7369c104437e43db4f5d

    • SHA1

      a531734ed49630ebe404ebc4dad180b86e2e9642

    • SHA256

      86c60180c1e05a877a7b5e4b4ad5a8627e5a5373874d2ce53f5e55c72b24651f

    • SHA512

      a0eef9ddb72e96f27c489fd2c942d4a31876f468683d10e729aa625cf077dad23515ab43ed1c0679ccd82762879a5bad6c2d4de5bfb2a9a645949fecb1b75d27

    • SSDEEP

      49152:bsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:dqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs

    • Detected NirSoft tools

      Free utilities, often used by attackers, that can recover stored passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
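Static checks for two of the signatures above, written as an added example (this is not the sandbox's own detection logic). It recomputes a file's MD5/SHA1/SHA256 and reports which digests disagree with the values listed for Twist Spoofer V.2.exe, and it applies the common UPX heuristic (UPX0/UPX1 section names or the "UPX!" pack-header magic) on top of a minimal PE section-table parser. The PE skeleton produced by build_minimal_pe is constructed test input, not the sample, so its digests will not match the report; run hash_mismatches over the real file to confirm you are holding the analysed sample before trusting the rest of this page.

```python
import hashlib
import struct

# Digests of the inner target "Twist Spoofer V.2.exe" as listed in the report above.
REPORT_HASHES = {
    "md5": "f2bb0da0031d7369c104437e43db4f5d",
    "sha1": "a531734ed49630ebe404ebc4dad180b86e2e9642",
    "sha256": "86c60180c1e05a877a7b5e4b4ad5a8627e5a5373874d2ce53f5e55c72b24651f",
}


def hash_bytes(data):
    """MD5/SHA1/SHA256 of a byte string, keyed like REPORT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_mismatches(data, expected=REPORT_HASHES):
    """Names of the digests that disagree with the report; an empty set means the file is the reported sample."""
    actual = hash_bytes(data)
    return {name for name, digest in expected.items() if actual[name] != digest}


def pe_section_names(data):
    """Section names from the PE section table, or [] if the bytes are not a PE image.

    Minimal parser: DOS header -> e_lfanew -> PE signature -> COFF header -> section table.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]      # NumberOfSections
    opt_header_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_header_size
    names = []
    for i in range(num_sections):
        entry = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        if entry + 40 > len(data):
            break  # truncated table: report what we have
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Heuristic behind the 'UPX packed file' signature.

    Stock UPX names its sections UPX0/UPX1(/UPX2) and writes a 'UPX!' magic in
    its pack header. Modified UPX builds routinely rename the sections and patch
    the magic, so False here does not prove the file is unpacked.
    """
    names = pe_section_names(data)
    upx_sections = any(n.upper().startswith("UPX") for n in names)
    upx_magic = b"UPX!" in data
    return upx_sections or upx_magic


def build_minimal_pe(section_names):
    """Constructed test input: a PE header skeleton with the given section names.

    Not an executable; only the fields pe_section_names() reads are filled in.
    """
    e_lfanew = 0x80
    dos_header = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_header_size = 0xE0  # PE32 optional header size
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_header_size, 0x102)
    opt_header = struct.pack("<H", 0x10B).ljust(opt_header_size, b"\0")  # PE32 magic, rest zeroed
    section_table = b"".join(
        n.encode("ascii").ljust(8, b"\0").ljust(40, b"\0") for n in section_names
    )
    return dos_header + b"PE\0\0" + coff_header + opt_header + section_table


if __name__ == "__main__":
    packed = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    plain = build_minimal_pe([".text", ".rdata", ".data"])
    print("packed sections:", pe_section_names(packed), "-> UPX:", looks_upx_packed(packed))
    print("plain sections: ", pe_section_names(plain), "-> UPX:", looks_upx_packed(plain))
    print("digests disagreeing with the report for the constructed file:", sorted(hash_mismatches(plain)))
```

The section-name check is cheap but easy to defeat; the reported signature text ("UPX/modified UPX") is a reminder that a renamed-section build will only be caught by entropy or unpacking-stub signatures, which this example does not attempt.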

MITRE ATT&CK Enterprise v15

Tasks