General

  • Target

    winAPI.dll

  • Size

    45.7MB

  • Sample

    250115-v5xpaazkbs

  • MD5

    4b48fc5056eb12d35cb7f7d4de75903b

  • SHA1

    3aafda02a78507719b38d88900160d734307e697

  • SHA256

    b4244a5e44a39ed6cba73f5b93530186b2286fbdaa3447ea5f2bdcc2efc793d5

  • SHA512

    f3d611d52c329ebbd82c98978d31a3486e1b7c3787a9ecc4328fde562be428e1f40e45b44830c21bdbe55606d10fb2ed4f137fc7e7bee88389684ad540f85a40

  • SSDEEP

    393216:51Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYf7:5Mguj8Q4VfvZqFTrYsSStr

Malware Config

Targets

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

MITRE ATT&CK Enterprise v15

Tasks