General
-
Target
Sender.exe
-
Size
9.0MB
-
Sample
250114-vt5krawmaj
-
MD5
5b25a79e9b96b0369ea325759135e043
-
SHA1
bb4c6c35965c2f7406d564de8bd5d489d03c13f5
-
SHA256
f9f90327321311cc2692c254634937d5eab4e4930598619d425ed095fd3f1b63
-
SHA512
002dff9c7d628a9493d6772dff35b58adae83ba56a4a182650c01dbe6681d71b7d6cc5ba6c66ac995e8b28b8534a013356bc744fd38667f231c90ff063ab3479
-
SSDEEP
98304:OhLvITBg6vamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkz+as5J1n6ksB0rN9RhC:ONIWeNlpYfMQc2s8hn6ksqdhC
Malware Config
Targets
-
-
Target
Sender.exe
-
Size
9.0MB
-
MD5
5b25a79e9b96b0369ea325759135e043
-
SHA1
bb4c6c35965c2f7406d564de8bd5d489d03c13f5
-
SHA256
f9f90327321311cc2692c254634937d5eab4e4930598619d425ed095fd3f1b63
-
SHA512
002dff9c7d628a9493d6772dff35b58adae83ba56a4a182650c01dbe6681d71b7d6cc5ba6c66ac995e8b28b8534a013356bc744fd38667f231c90ff063ab3479
-
SSDEEP
98304:OhLvITBg6vamaHl3Ne4i3lqoFhTWrf9eQc0MJYzwZNqkz+as5J1n6ksB0rN9RhC:ONIWeNlpYfMQc2s8hn6ksqdhC
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
�f���H.pyc
-
Size
1KB
-
MD5
2153e923e155375e7bce6776133550b6
-
SHA1
da8bce5957893a7c5b27876bc3c04d710d24b348
-
SHA256
f0630ebe75e0de5ef2442b4cca37b0ad51efec23af13738d3cab00da847500ce
-
SHA512
0be75c83267b59aac25835ab54820f8140f93cc50b79a3fb84cbc02fb6eacc6746806209dfc0899fb9c502423492269d4a3840c5bc3cee62ba3f142822ef6428
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3