Overview

overview

10

Static

static

10

ID TO TOKEN.exe

windows7-x64

7

ID TO TOKEN.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    enjoy.rar

  • Size

    7.5MB

  • Sample

    250111-m5f3jaxmdt

  • MD5

    4eecab6961595e48bbd4e53566f8716b

  • SHA1

    d253d453dc195c7f1ba07d4f6ed17b88a4a56e07

  • SHA256

    bf04d48cfb73aaa25b22a42f15eb5a408780578fbcd3801cd5517ec92a81e6d2

  • SHA512

    0d080d5d371b141df5ff4772ed29addbdd61daa2924d69915e98bef23dd88c645750dee0b20a149b14a50214af00375ec9b713a70544b9990ea87a8b9e660ddc

  • SSDEEP

    196608:j3KoywDoJYcPQqi8UhSZ+6Yz4d1CQdS8BdRonTC0iW:jaFwcmcPb3+md1DHRonTCI

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealerupx

Malware Config

Targets

    • Target

      ID TO TOKEN.exe

    • Size

      7.6MB

    • MD5

      950279fefb89905a1a73ac754f25fe80

    • SHA1

      d769ddfd606db053660a69d2f2e631b485316292

    • SHA256

      7aeac697142bf6f7539241954b9e2600507177446c65432c49e22bdc19fa3331

    • SHA512

      4a537bf2595562426360f144927b4a0d157ec56e2fe4944da05c6e37009d226a3af0f48f09fbd91db31bdd3a97504eac2e18a337856ca45e846e0e4d0a62d4a7

    • SSDEEP

      196608:IaD+kdbwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNW4:D52IHL7HmBYXrYoaUNT

    Score
    8/10
    upxcollectioncredential_accessdefense_evasiondiscoveryexecutionspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks