General
-
Target
424f0aca95f52696bdfe48474ef59eb52940626a1eb93a8c5b6f4881fa142ee5
-
Size
6.9MB
-
Sample
250123-py5hnazpdz
-
MD5
70a67386af6a516b11728ba752fca874
-
SHA1
2ea0711dc6896ffc7f3f23e3542e7c1afce4be2a
-
SHA256
424f0aca95f52696bdfe48474ef59eb52940626a1eb93a8c5b6f4881fa142ee5
-
SHA512
c127e6f676a9bc341f92a8ba3fe150bcd112137a42965473db40f760ee5f418a273002be3f8a34b64cb8d051e93bf1cb978edaf416b25b95f836c44b2bfa3a1b
-
SSDEEP
196608:3MV1vGQB6ylnlPzf+JiJCsmFMvQn6hqgdhh:6fBRlnlPSa7mmvQpgdhh
Malware Config
Targets
-
-
Target
424f0aca95f52696bdfe48474ef59eb52940626a1eb93a8c5b6f4881fa142ee5
-
Size
6.9MB
-
MD5
70a67386af6a516b11728ba752fca874
-
SHA1
2ea0711dc6896ffc7f3f23e3542e7c1afce4be2a
-
SHA256
424f0aca95f52696bdfe48474ef59eb52940626a1eb93a8c5b6f4881fa142ee5
-
SHA512
c127e6f676a9bc341f92a8ba3fe150bcd112137a42965473db40f760ee5f418a273002be3f8a34b64cb8d051e93bf1cb978edaf416b25b95f836c44b2bfa3a1b
-
SSDEEP
196608:3MV1vGQB6ylnlPzf+JiJCsmFMvQn6hqgdhh:6fBRlnlPSa7mmvQpgdhh
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
Hide Artifacts: Hidden Files and Directories
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1