Overview

overview

10

Static

static

10

Lanchez Cr...ot.dll

windows7-x64

3

Lanchez Cr...ot.dll

windows10-2004-x64

3

Lanchez Cr...sp.dll

windows7-x64

3

Lanchez Cr...sp.dll

windows10-2004-x64

3

Lanchez Cr...se.exe

windows7-x64

7

Lanchez Cr...se.exe

windows10-2004-x64

8

Lanchez Cr...nu.dll

windows7-x64

3

Lanchez Cr...nu.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lanchez Craftrise Loader.rar

  • Size

    6.1MB

  • Sample

    250207-s9tgbaykhk

  • MD5

    397a581bd5816e08106800e1b56b2929

  • SHA1

    c07cf274a312f337ada7f22f8a9ed323f03663c6

  • SHA256

    93cb0b00d018b38a9ae70a690e729abccceba0cfecbb44c683860bb07e1fc141

  • SHA512

    b378e976a191b379e641866a409547d25cdbc734b2b42817cd4c8813184a1096fe88eb5ce32398c9c44c02b9f78be2039cf214952ff6de1c068c90f5994c6159

  • SSDEEP

    196608:njg+9rPLUOu/01YOV+h+ZBBH7boQbmRu00N2QXh:njg+9rzUOu/0bEh+ZBBbMsmRL0YQXh

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

Malware Config

Targets

    • Target

      Lanchez Craftrise Loader/Aimbot.dll

    • Size

      296KB

    • MD5

      db9c725d611b129072b0bac9a1907e94

    • SHA1

      15a34cb6ab06a1faf92898a9359e0d6fc4742d19

    • SHA256

      074c42231beeb5f3a58b3be08d9d3edc82da1f9cf44bcb05be33904b9343b927

    • SHA512

      6eda29848324f0448ef81a3ad5bb2d5e4ebf18ff85c483f6b58b03b5c5ee695d8390ede0933530d61166c83d318cda17f7818ff80a9ad8bc9d8f67fad447fb36

    • SSDEEP

      3072:0ekZUeV9TcRy5Khw7pMDcbqvl7YxyfFTrlM8egog1mbjx4kZvvyD4NM5tXzUE6Rp:0PBV9mmuCmFG8WjxJ9vyVXb6R5q3w

    Score
    3/10
    discovery
    behavioral1behavioral2

    • Target

      Lanchez Craftrise Loader/Esp.dll

    • Size

      296KB

    • MD5

      db9c725d611b129072b0bac9a1907e94

    • SHA1

      15a34cb6ab06a1faf92898a9359e0d6fc4742d19

    • SHA256

      074c42231beeb5f3a58b3be08d9d3edc82da1f9cf44bcb05be33904b9343b927

    • SHA512

      6eda29848324f0448ef81a3ad5bb2d5e4ebf18ff85c483f6b58b03b5c5ee695d8390ede0933530d61166c83d318cda17f7818ff80a9ad8bc9d8f67fad447fb36

    • SSDEEP

      3072:0ekZUeV9TcRy5Khw7pMDcbqvl7YxyfFTrlM8egog1mbjx4kZvvyD4NM5tXzUE6Rp:0PBV9mmuCmFG8WjxJ9vyVXb6R5q3w

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      Lanchez Craftrise Loader/Loader Craftrise.exe

    • Size

      5.9MB

    • MD5

      dedd95be1255b349794c1601974b8377

    • SHA1

      b12e349cc9b22b51e569d8ab6778959f4c2d6458

    • SHA256

      677362b183f8fc83923e8b4ed7c0281c45e0acac02c5fa6a8c02c6384d7cad99

    • SHA512

      4aa34cf1553518d919c3177974202c1aa334d0e7ec2ab4f51242d67112fab4a7e6c54c0215e952af84d351aa744bea9078ce4a70483e5f168b5f17ce2ca7170d

    • SSDEEP

      98304:DsmoDUN43WlmZjOjFgFEblNHYSxTpirSHcUR43zrwkdA8QJCKC7bN3mb6aFtMz6E:DsumWiOjmFwDRxtYSHdK34kdai7bN3mm

    Score
    8/10
    upxcollectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealer

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5behavioral6

    • Target

      Lanchez Craftrise Loader/Menu.dll

    • Size

      296KB

    • MD5

      db9c725d611b129072b0bac9a1907e94

    • SHA1

      15a34cb6ab06a1faf92898a9359e0d6fc4742d19

    • SHA256

      074c42231beeb5f3a58b3be08d9d3edc82da1f9cf44bcb05be33904b9343b927

    • SHA512

      6eda29848324f0448ef81a3ad5bb2d5e4ebf18ff85c483f6b58b03b5c5ee695d8390ede0933530d61166c83d318cda17f7818ff80a9ad8bc9d8f67fad447fb36

    • SSDEEP

      3072:0ekZUeV9TcRy5Khw7pMDcbqvl7YxyfFTrlM8egog1mbjx4kZvvyD4NM5tXzUE6Rp:0PBV9mmuCmFG8WjxJ9vyVXb6R5q3w

    Score
    3/10
    discovery
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Obfuscated Files or Information

1
T1027

Command Obfuscation

1
T1027.010

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Browser Information Discovery

1
T1217

Process Discovery

1
T1057

Remote System Discovery

1
T1018

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

2
T1016

Internet Connection Discovery

1
T1016.001

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks