Overview

overview

10

Static

static

10

IMAGE TOKE...ER.rar

windows11-21h2-x64

1

Builder.exe

windows11-21h2-x64

8

�d]T� .pyc

windows11-21h2-x64

README.txt

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMAGE TOKEN GRABBER.rar

  • Size

    5.8MB

  • Sample

    250118-t8cylsyjav

  • MD5

    0e7cd7916b3a6293ad8cac14785373d6

  • SHA1

    8a48d2b50c0eea8c1ab4f9aa2b1b084edb47ce9b

  • SHA256

    01e9c7b17de6d65c6292e8f86abc5ae3c3150b11504993c426c3b4391688676a

  • SHA512

    be2cb80b0d6dd67010f8edb3b8047ff8fd712dee3b162c5457019c89246c746cd4de0738ec8b3d6dec863b351afefbe26633dca8409396a03555421bbf2da0f4

  • SSDEEP

    98304:Nke70SmD9rst4XC2Zc/FCbPzaMLnn0psA/oe5IkLsL15y0g/3mZTOYR+rBWvVMrY:NkqOD9rstGC2ZuFWPOMjQro8IkALbfkg

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

Malware Config

Targets

    • Target

      IMAGE TOKEN GRABBER.rar

    • Size

      5.8MB

    • MD5

      0e7cd7916b3a6293ad8cac14785373d6

    • SHA1

      8a48d2b50c0eea8c1ab4f9aa2b1b084edb47ce9b

    • SHA256

      01e9c7b17de6d65c6292e8f86abc5ae3c3150b11504993c426c3b4391688676a

    • SHA512

      be2cb80b0d6dd67010f8edb3b8047ff8fd712dee3b162c5457019c89246c746cd4de0738ec8b3d6dec863b351afefbe26633dca8409396a03555421bbf2da0f4

    • SSDEEP

      98304:Nke70SmD9rst4XC2Zc/FCbPzaMLnn0psA/oe5IkLsL15y0g/3mZTOYR+rBWvVMrY:NkqOD9rstGC2ZuFWPOMjQro8IkALbfkg

    Score
    1/10
    behavioral1

    • Target

      Builder.bat

    • Size

      6.0MB

    • MD5

      6e82d5096ecc9edf1ecf2260b561f957

    • SHA1

      bd9dc15e9f28c4210306ac3a12ad55ed2bf4f939

    • SHA256

      9945e87a1ca542897f02db85a4503a3d5b65de54b08be720d096c62d25e4357d

    • SHA512

      dc155597afa523f128b7e7fecd37b01005e4b32477a4137786f7772b81d06d6330a2214ac0274f7e1acd4f827e0b56ff026df01577299e446dca275d46c60765

    • SSDEEP

      98304:LaEtdFBCm/I5xamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RGOnAKt7M0Cu:LhFIm/NeN/FJMIDJf0gsAGK4RVnAKtIE

    Score
    8/10
    collectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral2

    • Target

      �d]T� .pyc

    • Size

      857B

    • MD5

      917bfc5b215759aa5060d5a0a95b388b

    • SHA1

      07094f8f990a2dd459692a3301ea84952ae5c1fd

    • SHA256

      d98188ad9a52808ee66a3117607f728d56c575b9b2ea0def6aaec99c38350f0f

    • SHA512

      19f4f170bf61656037dbd2f7eaef9c9f05efefc8a1cfef081e1118e7f48d76c9685f529953d2c7c5ed9b4ed2557fd3e8d420e8d695ac55dcd430a75804cfdcdd

    Score
    1/10
    behavioral3

    • Target

      README.txt

    • Size

      53B

    • MD5

      27552b24deb043662cf9e3abfaf9213e

    • SHA1

      152b3c6dbceb132d7aa43103e01b1de5f37aae99

    • SHA256

      529a8df304bf5e3d0401b2455fcb62e1068c5c8160bf66665b9fefccdea9dfd4

    • SHA512

      dff147af894478f78b9e3554eebf009b2c423df2e0d57a707fab3756bde2e4a6c760f78f078bc55283d73b3cd54e4931419bb299184311a84262316ce0720b29

    Score
    3/10
    behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Obfuscated Files or Information

1
T1027

Command Obfuscation

1
T1027.010

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Browser Information Discovery

1
T1217

Process Discovery

1
T1057

Remote System Discovery

1
T1018

System Information Discovery

3
T1082

System Network Configuration Discovery

2
T1016

Internet Connection Discovery

1
T1016.001

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks