General
-
Target
HwidGet.exe
-
Size
8.9MB
-
Sample
250413-ztfzlsttay
-
MD5
e8d232f1fbbe37d16010f9b6b9345945
-
SHA1
2ab6bdf935346894c25d0c5943420bc23adaa7f1
-
SHA256
7b62c3234a8cc63710a2d4655d8c242ddcfb277dba5e26715f9d3be45be6534b
-
SHA512
e34921a890419ed2815ff1b3ce4324fa2f9e636d3bf94149960757ef45d48f72caaf0c3924fc6f8b23c7972351b5a0bdfc344cc52a81084c9b241b14d582a074
-
SSDEEP
196608:xWycMO0Qd+/MurErvI9pWjgfPvzm6gsYeWa+Er4f6B:3cr0QAEurEUWjC3zDCNG4f6B
Malware Config
Targets
-
Target
HwidGet.exe
-
Size
8.9MB
-
MD5
e8d232f1fbbe37d16010f9b6b9345945
-
SHA1
2ab6bdf935346894c25d0c5943420bc23adaa7f1
-
SHA256
7b62c3234a8cc63710a2d4655d8c242ddcfb277dba5e26715f9d3be45be6534b
-
SHA512
e34921a890419ed2815ff1b3ce4324fa2f9e636d3bf94149960757ef45d48f72caaf0c3924fc6f8b23c7972351b5a0bdfc344cc52a81084c9b241b14d582a074
-
SSDEEP
196608:xWycMO0Qd+/MurErvI9pWjgfPvzm6gsYeWa+Er4f6B:3cr0QAEurEUWjC3zDCNG4f6B
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that dropped components are no longer scanned.
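The behaviour above is what an Add-MpPreference or Set-MpPreference call with -ExclusionPath, -ExclusionExtension or -ExclusionProcess produces. The report does not show the sample's exact command line, so the following is an added detection example, not code from the report or from the sample: it scans PowerShell script-block text (Event ID 4104 style lines, constructed here as an assumption) for exclusion changes and extracts the excluded values. The cmdlet and parameter names are the standard Defender ones; the sample lines and the HwidGet.exe process value are illustrative.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample lines in the shape of PowerShell script-block text
# (Event ID 4104, Microsoft-Windows-PowerShell/Operational). They are
# illustrative only and are not taken from the sample's execution trace.
SAMPLE_SCRIPT_BLOCKS = [
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public\\svc", "C:\\ProgramData\\cache"',
    "add-mppreference -ExclusionExtension 'exe','dll'",
    "Set-MpPreference -ExclusionProcess HwidGet.exe",
    "Get-MpPreference | Select-Object ExclusionPath",   # read-only query, must not alert
    'Write-Host "status ok"',
]

# Only Add-/Set-MpPreference change the configuration; Get-MpPreference reads it.
CMDLET_RE = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)

# One exclusion parameter plus its value list: quoted or bare tokens, comma separated.
_VALUE = r'(?:"[^"]*"|\'[^\']*\'|[^\s,]+)'
PARAM_RE = re.compile(
    r"-(ExclusionPath|ExclusionExtension|ExclusionProcess)\s+"
    r"(" + _VALUE + r"(?:\s*,\s*" + _VALUE + r")*)",
    re.IGNORECASE,
)
KIND = {"exclusionpath": "path", "exclusionextension": "extension", "exclusionprocess": "process"}


@dataclass
class ExclusionFinding:
    line_no: int        # 1-based index into the input
    cmdlet: str         # Add-MpPreference or Set-MpPreference, as written in the log
    kind: str           # path, extension or process
    values: List[str]   # exclusion values with surrounding quotes removed


def _split_values(raw: str) -> List[str]:
    """Split a comma-separated PowerShell value list, honouring quotes."""
    parts = re.findall(r'"([^"]*)"|\'([^\']*)\'|([^\s,]+)', raw)
    return [dq or sq or bare for dq, sq, bare in parts]


def find_defender_exclusions(lines: List[str]) -> List[ExclusionFinding]:
    """Return every Defender exclusion added or set in the given script-block lines."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        cmdlet = CMDLET_RE.search(line)
        if not cmdlet:
            continue
        for param in PARAM_RE.finditer(line):
            findings.append(ExclusionFinding(
                line_no=line_no,
                cmdlet=cmdlet.group(0),
                kind=KIND[param.group(1).lower()],
                values=_split_values(param.group(2)),
            ))
    return findings


if __name__ == "__main__":
    for f in find_defender_exclusions(SAMPLE_SCRIPT_BLOCKS):
        print(f"line {f.line_no}: {f.cmdlet} sets {f.kind} exclusion(s) {f.values}")
```

On a host, `Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess` lists the exclusions currently in force, and Defender records configuration changes as Event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log, which gives a second source to correlate with. Note that Set-MpPreference with an exclusion parameter replaces the whole list while Add-MpPreference appends, so a Set- line may also remove exclusions that an administrator configured.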
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
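Added example, not from the report or the sample: a small hunt over DNS query telemetry (Sysmon Event ID 22 style records, constructed here) that flags processes resolving public IP-lookup services. The service list and the sample events are assumptions; the report does not name which service the sample used. Matching is done on whole DNS labels so a look-alike name does not match, and hits from browsers are scored low rather than dropped, because users visiting such sites are the main false-positive source.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Partial, illustrative list of public "what is my IP" services. Extend it
# from your own telemetry; it is not a list taken from the sample.
IP_LOOKUP_DOMAINS: Set[str] = {
    "ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com",
    "ipinfo.io", "checkip.amazonaws.com", "whatismyip.com",
}

# Browsers legitimately hit these services when a user visits them; their hits
# are kept but scored lower so the rule still surfaces an unexpected binary.
BROWSER_IMAGES = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

# Constructed records in the shape of Sysmon Event ID 22 (DnsQuery) fields.
SAMPLE_DNS_EVENTS: List[Dict[str, str]] = [
    {"image": r"C:\Users\victim\AppData\Local\Temp\HwidGet.exe", "query": "api.ipify.org"},
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "query": "ifconfig.me"},
    {"image": r"C:\Users\victim\AppData\Local\Temp\HwidGet.exe", "query": "notipify.org"},
    {"image": r"C:\Windows\System32\svchost.exe", "query": "s3.amazonaws.com"},
]


@dataclass
class IpLookupFinding:
    image: str
    query: str
    matched_domain: str
    severity: str  # "high" for a non-browser process, "low" for a browser


def matched_lookup_domain(hostname: str) -> str:
    """Return the list entry that hostname equals or is a subdomain of, else ''.

    Matching is on whole DNS labels, so 'notipify.org' does not match
    'ipify.org' while 'api.ipify.org' does.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in IP_LOOKUP_DOMAINS:
            return candidate
    return ""


def find_ip_lookups(events: List[Dict[str, str]]) -> List[IpLookupFinding]:
    """Flag DNS queries for IP-lookup services, scored by the querying process."""
    findings = []
    for ev in events:
        domain = matched_lookup_domain(ev["query"])
        if not domain:
            continue
        exe = ev["image"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        severity = "low" if exe in BROWSER_IMAGES else "high"
        findings.append(IpLookupFinding(ev["image"], ev["query"], domain, severity))
    return findings


if __name__ == "__main__":
    for f in find_ip_lookups(SAMPLE_DNS_EVENTS):
        print(f"[{f.severity}] {f.image} -> {f.query} (matched {f.matched_domain})")
```

A high-severity hit from a binary running out of a user-writable directory, as in the first constructed event, is the pattern worth pivoting on: the same process image can then be checked against the hashes in the General section above.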
-
Enumerates processes with tasklist
-