Overview

overview

10

Static

static

1

Document-0...ad.lnk

windows7-x64

3

Document-0...ad.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Document-0191536.pdf.lnk.download.lnk

  • Size

    3KB

  • Sample

    250131-mpc1yatjfw

  • MD5

    55546c788e0e0bfc56207ee32f6c1eab

  • SHA1

    8b06c2ab87a75bdaa4962f8eeac7c094242b1e69

  • SHA256

    02c22ae33c4f792f3b30e5aa8d465bd51e408079aa6f6ace1e0c56cd03a9128e

  • SHA512

    0f51136e562b8f774ca89824c3199d97008942f16f2d2df5e4335be8467a36c7c600999d9bf5fb9c163fc2ce630d2519d54e17b1b06a8ff3fbdbf4242e21322a

Score
10/10
metastealerdiscoveryexecutionspywarestealer

Malware Config

Extracted

Family

metastealer

C2

kiyaqoimsiieeyqa.xyz

ssqsmisuowqcwsqo.xyz

ykqmwgsuummieaug.xyz

ewukeskgqswqesiw.xyz

cscqcsgewmwwaaui.xyz

cyoksykiamiscyia.xyz

okgomokemoucqeso.xyz

ikwacuakiqeimwua.xyz

aawcsqqaywckiwmi.xyz

aiqasksgmyeqocei.xyz

qgumcuisgaeyuqqe.xyz

eiesoycamyqqgcea.xyz

ywceswakicsqomqw.xyz

auaieuewouawygku.xyz

cmiascusccywowcs.xyz

uiqkkomkaceqacec.xyz

quqeciymqmkqccqw.xyz

ssqsauuuyyigouou.xyz

aogaakukuugqswcy.xyz

ucgwcwsuqsuwewgc.xyz
Attributes
  • dga_seed

    21845

  • domain_length

    16

  • num_dga_domains

    10000

  • port

    443

Targets

    • Target

      Document-0191536.pdf.lnk.download.lnk

    • Size

      3KB

    • MD5

      55546c788e0e0bfc56207ee32f6c1eab

    • SHA1

      8b06c2ab87a75bdaa4962f8eeac7c094242b1e69

    • SHA256

      02c22ae33c4f792f3b30e5aa8d465bd51e408079aa6f6ace1e0c56cd03a9128e

    • SHA512

      0f51136e562b8f774ca89824c3199d97008942f16f2d2df5e4335be8467a36c7c600999d9bf5fb9c163fc2ce630d2519d54e17b1b06a8ff3fbdbf4242e21322a

    Score
    10/10
    metastealerdiscoveryexecutionspywarestealer

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers, written in C++.

      stealermetastealer

    • MetaStealer payload

    • Metastealer family

      metastealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks