General
-
Target
c314a0eee82b049d2e8b82ea220d6a2bf15703dd8082729527fe6a23dcca12a1.zip
-
Size
7.5MB
-
Sample
250208-yxlhtstjhm
-
MD5
6155fbf1f32493ae418fe003658280ea
-
SHA1
542388c78c352f23d184ee922fbdebea20ebb56e
-
SHA256
b97eb8dae135119c54bc44837e0e04bbdfaf151dcbafac844293b06ae551fbcf
-
SHA512
b793910ba06a707eae2a119362e83972c5f8bd21ad4a88c6ea7284294a600772d62f417173080fe14f2f1f5b2eb10418f1c2aee737d23a02e284b11403ff043d
-
SSDEEP
196608:g0nR7GpkWVUTs9ITVa36fTVuJsHiJi1R8BDq:/RcVUTsC83IRuJsUi1R8c
Malware Config
Targets
-
-
Target
c314a0eee82b049d2e8b82ea220d6a2bf15703dd8082729527fe6a23dcca12a1.exe
-
Size
7.6MB
-
MD5
9a51b9963e25ffe717bd9079820d6492
-
SHA1
ab4b4ba789d0a6fc8475b6e063cd26c94af6bd05
-
SHA256
c314a0eee82b049d2e8b82ea220d6a2bf15703dd8082729527fe6a23dcca12a1
-
SHA512
89518ac776915ead8b45171d27334b65d4ac3479ae160cdab0506f5a5979f1fdc5fe5dc5b5f425c13d02394b02279cbd694f4f00b9fb8e1db486c295d146da09
-
SSDEEP
196608:rOD+kdQuwfI9jUCBB7m+mKOY7rXrZusooDmhfvsbnTNW2:65CFIHL7HmBYXrYoaUNB
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3