General

  • Target

    build.exe

  • Size

    10.7MB

  • Sample

    250119-wj9bmayph1

  • MD5

    4081df80761ad0cd6e1c9d5883af26e7

  • SHA1

    c1a8e5f7dd0c75561fd03f91a25bd1099e61e24b

  • SHA256

    7885453ec78da9f1b83e965b9da757147fc01a96cada33551f670177a5ccd25c

  • SHA512

    37d4332d02502cb211b118c1715ef6df569c6e95144fa963d84df768e4810bedbac3a781d011dc458b80f776eb92c085cfa471768099028a56f9b92e06af6674

  • SSDEEP

    196608:StGcCHYDXninAnnnnnnnnnnnnnnonnnnnnnnnnnnnXa:SRCAXninAnnnnnnnnnnnnnnonnnnnnnq

Malware Config

Targets

    • Target

      build.exe

    • Enumerates VirtualBox DLL files

    • Looks for VirtualBox drivers on disk

    • Looks for VirtualBox executables on disk

    • Looks for VMWare drivers on disk

    • Uses browser remote debugging

      Can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks