Overview

overview

10

Static

static

10

H2 BOTNET.exe

windows10-2004-x64

8

r;5�8!.pyc

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    H2 BOTNET.exe

  • Size

    5.9MB

  • Sample

    250131-m4ajcstmex

  • MD5

    6121d9793742fd2ffbc985d0dad01a58

  • SHA1

    27fb444e6f7f838a02ee0d88fe111ca6b53faf03

  • SHA256

    5deb8f3ed733f1d73547bcd154f37f5cf991912f3bf7c6575dca700ea7c37b52

  • SHA512

    40cd64c1bda206579a7c52cb269750d641b388efd719f6f1a03134a2f33e9b28774cf89a38673ace5ca47d0b5904ef83802f2d7d2dede088a9dd0bfcb39c6e6a

  • SSDEEP

    98304:OVDe7pzWqi8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDbFM6+3RM55eE:OwNzW4B6yA+KO0WRqi6955eE

Score
10/10
blankgrabbercollectioncredential_accessdiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

Malware Config

Targets

    • Target

      H2 BOTNET.exe

    • Size

      5.9MB

    • MD5

      6121d9793742fd2ffbc985d0dad01a58

    • SHA1

      27fb444e6f7f838a02ee0d88fe111ca6b53faf03

    • SHA256

      5deb8f3ed733f1d73547bcd154f37f5cf991912f3bf7c6575dca700ea7c37b52

    • SHA512

      40cd64c1bda206579a7c52cb269750d641b388efd719f6f1a03134a2f33e9b28774cf89a38673ace5ca47d0b5904ef83802f2d7d2dede088a9dd0bfcb39c6e6a

    • SSDEEP

      98304:OVDe7pzWqi8MMhJMjarCtaCObO/OH9KkqQz4W1kgeDbFM6+3RM55eE:OwNzW4B6yA+KO0WRqi6955eE

    Score
    8/10
    collectioncredential_accessdiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

    • Target

      r;5�8!.pyc

    • Size

      857B

    • MD5

      4106719ee42a87bad6cedeebac054380

    • SHA1

      3f83a69f8d75c25504ea1f2f46ea3d77d9ad3cd5

    • SHA256

      ecfbbe48271ea3af38cf02bdca7571b1ba2e3a561a19a18bd509a7ad2b25df65

    • SHA512

      634522e27a6ae9a751ecbd954a29aca6eb2daa9c4ea9c065a3fe2a3db75730b63623029de61d1712cd4fc559a1cd0a7d8bf3796a6eb0324bf148e5abf06c3d12

    Score
    1/10
    behavioral2

MITRE ATT&CK Enterprise v15

Tasks