General
-
Target
Sigmanly_478b00840546cbbf0b1c289e0d693f51
-
Size
8.4MB
-
Sample
250414-qrbgnsy1gt
-
MD5
478b00840546cbbf0b1c289e0d693f51
-
SHA1
e9ec140f415b219209682f0ad7ba47b5dd050493
-
SHA256
b9cd224cfea3101277a8a00878e456ff435c936c097b534f6f5408ce138f3232
-
SHA512
ed6f45238ac6a7fc4551f4c8a5ac356f0a7b3407e3cfb0225b9269d2d51edc0ac868b33bfd105b5cc1c297ad97512516ab84a2631ab96281ce29c10a9585984e
-
SSDEEP
196608:GWS067MNJvwtTBwfI9jUCD6rlaZLH7qRGrGIYV9oKy8FUsOnAOk:kMNdFIH20drLYVmKjOk
Malware Config
Targets
-
-
Target
Sigmanly_478b00840546cbbf0b1c289e0d693f51
-
Size
8.4MB
-
MD5
478b00840546cbbf0b1c289e0d693f51
-
SHA1
e9ec140f415b219209682f0ad7ba47b5dd050493
-
SHA256
b9cd224cfea3101277a8a00878e456ff435c936c097b534f6f5408ce138f3232
-
SHA512
ed6f45238ac6a7fc4551f4c8a5ac356f0a7b3407e3cfb0225b9269d2d51edc0ac868b33bfd105b5cc1c297ad97512516ab84a2631ab96281ce29c10a9585984e
-
SSDEEP
196608:GWS067MNJvwtTBwfI9jUCD6rlaZLH7qRGrGIYV9oKy8FUsOnAOk:kMNdFIH20drLYVmKjOk
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Enumerates processes with tasklist
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-