General
-
Target
CPV1.2.exe
-
Size
6.6MB
-
Sample
250203-sqpc9awpfq
-
MD5
60ffda3434f0141f4f63db50e2fdf188
-
SHA1
958ec5e3049c7a8512983814e68adf263ec00693
-
SHA256
4ab6ea9de1bf3728c7db50b1e6957ff946a6edd7b527ad6f969282effe30d9f5
-
SHA512
65586858678e4b7dffe94b138e228358f3fd564524306152e84aa7e7a082a35e916eab2d074942c371e20f20ed33629039c7cb99e543b2b2f6c8912d039bb810
-
SSDEEP
196608:o1fUDOYjJlpZstQoS9Hf12VKXMSEbb5CdVbcz:hBpGt7G/Mygb8Qz
Malware Config
Targets
-
-
Target
CPV1.2.exe
-
Size
6.6MB
-
MD5
60ffda3434f0141f4f63db50e2fdf188
-
SHA1
958ec5e3049c7a8512983814e68adf263ec00693
-
SHA256
4ab6ea9de1bf3728c7db50b1e6957ff946a6edd7b527ad6f969282effe30d9f5
-
SHA512
65586858678e4b7dffe94b138e228358f3fd564524306152e84aa7e7a082a35e916eab2d074942c371e20f20ed33629039c7cb99e543b2b2f6c8912d039bb810
-
SSDEEP
196608:o1fUDOYjJlpZstQoS9Hf12VKXMSEbb5CdVbcz:hBpGt7G/Mygb8Qz
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3