General
-
Target
Games.exe
-
Size
7.6MB
-
Sample
250113-y1rt1syncn
-
MD5
5a63730ddd02e4989b56190e1de85a07
-
SHA1
089adde2832dc6103c98220eb8b0bdafe8c74d07
-
SHA256
2324685434befd2a0c236ba3672b7419856712568ef81ec10e371803e39e43f1
-
SHA512
f2a4bdd256e837608beaf81ce30ddd237761e667bbfa2a664c1687d24e4fae722801f6ed03ba94f90076f9e7d9c69d780afdb1f58dc585ff59d40222a9a647ff
-
SSDEEP
196608:/nD+kdvwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWT:/5qIHL7HmBYXrYoaUNU
Malware Config
Targets
-
-
Target
Games.exe
-
Size
7.6MB
-
MD5
5a63730ddd02e4989b56190e1de85a07
-
SHA1
089adde2832dc6103c98220eb8b0bdafe8c74d07
-
SHA256
2324685434befd2a0c236ba3672b7419856712568ef81ec10e371803e39e43f1
-
SHA512
f2a4bdd256e837608beaf81ce30ddd237761e667bbfa2a664c1687d24e4fae722801f6ed03ba94f90076f9e7d9c69d780afdb1f58dc585ff59d40222a9a647ff
-
SSDEEP
196608:/nD+kdvwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNWT:/5qIHL7HmBYXrYoaUNU
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-