Overview

overview

10

Static

static

10

ce4pMzk.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ce4pMzk.exe

  • Size

    48KB

  • Sample

    250305-xy4kcsxks2

  • MD5

    d39df45e0030e02f7e5035386244a523

  • SHA1

    9ae72545a0b6004cdab34f56031dc1c8aa146cc9

  • SHA256

    df468fc510aec82c827987f54b824b978dd71301f93d18d71e704727d6dfdfa2

  • SHA512

    69866ba5b53d1183a0899e3d22ff06111ae2e8df429beeb853c89f3ed0afb015dd4139b1c507566ffb0fe171a4ff1b318247b7a568dc492d9f71266f5c848a64

  • SSDEEP

    768:RRMOTuQwOYZiyYcpbEzlwF2g9ap4nLBFvpzbHyV6N55IHFKSu87W78aETvqtnqUg:7MOiQwOYZEcKzlwb9u4nLbvpzLy0N55q

Score
10/10
litehttpbotexecutionpersistencestealer

Malware Config

Extracted

Family

litehttp

Version

v1.0.9

C2

http://185.208.156.162/page.php

Attributes
  • key

    v1d6kd29g85cm8jp4pv8tvflvg303gbl

Targets

    • Target

      ce4pMzk.exe

    • Size

      48KB

    • MD5

      d39df45e0030e02f7e5035386244a523

    • SHA1

      9ae72545a0b6004cdab34f56031dc1c8aa146cc9

    • SHA256

      df468fc510aec82c827987f54b824b978dd71301f93d18d71e704727d6dfdfa2

    • SHA512

      69866ba5b53d1183a0899e3d22ff06111ae2e8df429beeb853c89f3ed0afb015dd4139b1c507566ffb0fe171a4ff1b318247b7a568dc492d9f71266f5c848a64

    • SSDEEP

      768:RRMOTuQwOYZiyYcpbEzlwF2g9ap4nLBFvpzbHyV6N55IHFKSu87W78aETvqtnqUg:7MOiQwOYZEcKzlwb9u4nLbvpzLy0N55q

    Score
    10/10
    litehttpbotexecutionpersistencestealer

    • LiteHTTP

      LiteHTTP is an open-source bot written in C#.

      stealerbotlitehttp

    • Litehttp family

      litehttp

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks