General

  • Target: zYTxXPy.exe
  • Size: 103.1MB
  • Sample: 250630-xzle6ser2t
  • MD5: eddaf4da89e6006ccd7e7232771c2ce5
  • SHA1: 697cd14705ed98e45a8b4126039f9e0f671b334d
  • SHA256: c6f4f1625fb3471f730689c3c0dbf1402934cd6758d31b9c967ace7f39f9efc3
  • SHA512: 3d4a8c4b5a30c7d31a8ce1ddba993aa60eca4c4681ef1e54a50f375575e566f1f385a7aca07cad2a900ea300025864d6a1489e3dff883329eab35a68e60d9591
  • SSDEEP: 3145728:iVgYRPSC++6y9AiVd1AY5bADDxgds8pOeqZCp:gxaC4y9AiV75bAHCB4bZC

Malware Config

Targets

  • Target: zYTxXPy.exe (103.1MB; hashes as listed under General above)

    Behaviours observed for this target:

    • Disables Task Manager via registry modification
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Command and Scripting Interpreter: PowerShell
      Uses the powershell.exe command.
    • Legitimate hosting services abused for malware hosting/C2
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

  • Target: MTD-TEXTUREPACKS.pyc
  • Size: 155KB
  • MD5: 9584bc09b537db8a5eca3681fb563055
  • SHA1: 96cfc20cb38c1a2baa5fc3f8c31df835c8f9b292
  • SHA256: 5dffa0d06610d9e1373af52b9a2d994150802e702652dddf6db9fa7c14997990
  • SHA512: f94bd88092e0f25a4cd8ff207ddee5a2e38996393defa43d593ec319a65ea44e86c4b0a448681d014ef472f078eb9d6aa551346bc4949a2d7bebdcf993d7e511
  • SSDEEP: 3072:tI/rDzqbJq+lVVxnY/ArM6GvpvOdt24Pnf4tCN8om97:8oJq+lVVx4ArM7vpI3fwtCNnc7

    Score: 3/10

MITRE ATT&CK Enterprise v16

Tasks