General
-
Target
Elemental_Inject.rar
-
Size
8.3MB
-
Sample
250131-119qyazrcl
-
MD5
568e9c88deb9a6dfb0acb696c986bdc8
-
SHA1
dc6ea4b11fb0b4381a6d1b51006ebdb0094bd44f
-
SHA256
7b6a446b150e1130c8907729a6f18596905893d719a11c5fd0f28b00f914a250
-
SHA512
5f2ebc81520c96b818aaed9737c3ac765528b0c7f480e630af6323643488cbb331197c9103c4c247d77cb9cbcb979ddd744b202a1c7992f0665ce691b3d378a9
-
SSDEEP
196608:Kog1trf+CEaDPsbKhZnv+3pCskZ49UtcDRtOt+fxBJcT:etrmCBDEYnQEsG49KWf86BaT
Malware Config
Targets
-
-
Target
Elemental_Inject.rar
-
Size
8.3MB
-
MD5
568e9c88deb9a6dfb0acb696c986bdc8
-
SHA1
dc6ea4b11fb0b4381a6d1b51006ebdb0094bd44f
-
SHA256
7b6a446b150e1130c8907729a6f18596905893d719a11c5fd0f28b00f914a250
-
SHA512
5f2ebc81520c96b818aaed9737c3ac765528b0c7f480e630af6323643488cbb331197c9103c4c247d77cb9cbcb979ddd744b202a1c7992f0665ce691b3d378a9
-
SSDEEP
196608:Kog1trf+CEaDPsbKhZnv+3pCskZ49UtcDRtOt+fxBJcT:etrmCBDEYnQEsG49KWf86BaT
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
Elemental_Inject.exe
-
Size
8.4MB
-
MD5
c9cfa4f80f992625276baf3163bb1ef4
-
SHA1
cb8f6b629e70d266c5313d8d6a18ff48e298f513
-
SHA256
213800a539b979074818159fc4124c8c9a59b2c5dbce086c1a4732accdd778e8
-
SHA512
82d5853e9198f9a9e6ec2b7ad9f1d72a0f124771864effac8643649189e0be6d7b6a431309457505027e4490bb8a1ff8c710b6b3fbffbdac543aec8e1cbe5a5c
-
SSDEEP
196608:cUDHeNkdjbwfI9jUCBB7m+mKOY7rXrZui2ooDmhfvsbnTNWo:fSaRYIHL7HmBYXrtjoaUNL
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
Q��&U��.pyc
-
Size
1KB
-
MD5
2e0cf8fce26454e9c3a1fffdd84a8672
-
SHA1
146cfea6c261c11f0e2768b117547ef7baee5b09
-
SHA256
b27f5a2c9509b4b49edc72211f8c2f31b26e6f8ad391e7999c54072d62919531
-
SHA512
07d77004d9cf66e07ae0c550f3b09fc7098998bceaec7f8297957e85d97078d14151deca78f42c9b3c4c1524090adc5bcccb548169211233eb7975dced032066
Score1/10 -
MITRE ATT&CK Enterprise v15
Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Obfuscated Files or Information
1Command Obfuscation
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3