General

  • Target

    belle_cracked.exe

  • Size

    13.3MB

  • Sample

    250704-ylr68syk18

  • MD5

    ac49cb7eaba627b1155e304b7dd3253f

  • SHA1

    968591f38d8a374a926a6efec57b26ccc0300ced

  • SHA256

    b1b3324ec9bed40d703507a3c95b4c84f8cc1a6c256d3107f7d669496c8effe2

  • SHA512

    25f7fbcb4268a8b87b98e0eb6a9558071b40d863dab029c9779975c5338dfd15236c778d1fae02de0082b5326c9f0e8438af4b8eae5dc91d07f728a150e8cae0

  • SSDEEP

    393216:VqTiyuq6mcnTyNMMm5zGm8fZRlqYGMleMaX:V8iyupTytm5qzvljpa
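Verifying a suspect file against the digests above, as an added example that is not part of the sandbox report: it streams a file through MD5, SHA-1, SHA-256 and SHA-512 in one pass (the sample is 13.3 MB, so it is read in chunks) and classifies the result. A partial match, where one algorithm agrees and the others do not, is treated as an inconsistency to investigate (transcription error or a colliding file) rather than a confirmation. The SSDEEP fuzzy hash is deliberately left out, since it needs the separate `ssdeep` library; the `abc` input used in the self-check is constructed here.

```python
"""Check a file against the indicators listed in this report.

Added example, not the report's own tooling. The digests in REPORT_IOCS are
copied from the report for belle_cracked.exe; everything else is illustrative.
"""
import hashlib
import sys

# Indicators copied from the report (lower-case hex).
REPORT_IOCS = {
    "md5": "ac49cb7eaba627b1155e304b7dd3253f",
    "sha1": "968591f38d8a374a926a6efec57b26ccc0300ced",
    "sha256": "b1b3324ec9bed40d703507a3c95b4c84f8cc1a6c256d3107f7d669496c8effe2",
    "sha512": (
        "25f7fbcb4268a8b87b98e0eb6a9558071b40d863dab029c9779975c5338dfd15"
        "236c778d1fae02de0082b5326c9f0e8438af4b8eae5dc91d07f728a150e8cae0"
    ),
}


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists for an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_IOCS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file once through all four hashes (no full read into memory)."""
    hashers = {algo: hashlib.new(algo) for algo in REPORT_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def classify(observed: dict, iocs: dict = REPORT_IOCS) -> str:
    """'match' if every listed digest agrees, 'no_match' if none does,
    'inconsistent' if only some do (worth a second look, never a confirmation)."""
    matched = {a for a in iocs if observed.get(a, "").lower() == iocs[a]}
    if len(matched) == len(iocs):
        return "match"
    if not matched:
        return "no_match"
    return "inconsistent"


if __name__ == "__main__":
    # Usage: python check_iocs.py <path-to-suspect-file>
    target = sys.argv[1]
    observed = digests_of_file(target)
    verdict = classify(observed)
    for algo, value in observed.items():
        print(f"{algo:7s} {value}")
    print(f"verdict: {verdict}")
```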

Malware Config

Targets

    • Target

      belle_cracked.exe

    • Size

      13.3MB

    • MD5

      ac49cb7eaba627b1155e304b7dd3253f

    • SHA1

      968591f38d8a374a926a6efec57b26ccc0300ced

    • SHA256

      b1b3324ec9bed40d703507a3c95b4c84f8cc1a6c256d3107f7d669496c8effe2

    • SHA512

      25f7fbcb4268a8b87b98e0eb6a9558071b40d863dab029c9779975c5338dfd15236c778d1fae02de0082b5326c9f0e8438af4b8eae5dc91d07f728a150e8cae0

    • SSDEEP

      393216:VqTiyuq6mcnTyNMMm5zGm8fZRlqYGMleMaX:V8iyupTytm5qzvljpa

    • Command and Scripting Interpreter: PowerShell

      Executes commands via powershell.exe.

    • Creates new service(s)

    • Drops file in Drivers directory

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to the Windows credentials history store.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
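The behaviours in the list above can be hunted for in host telemetry. The following is an added example, not part of the sandbox report or its signature engine: it runs over constructed, simplified Sysmon and Windows Security events (plain dicts, not real EVTX; field names follow the Sysmon schema, event IDs are the real ones: Sysmon 1 process create, 7 image load, 11 file create; Security 7045 service installed, 4663 object access) and emits hits named after the report's signatures. The sample path, file names and service name are invented for the test data. "Loads dropped DLL" is detected by correlation: a DLL counts as dropped only if the sample wrote it earlier in the same event stream. The 4663 rule assumes object-access auditing is enabled on the profile directory, which it is not by default, and the hosting-abuse signature needs network telemetry, so it is not covered here.

```python
"""Hunt for the report's behavioural signatures over host events.

Added example, not the report's own code. EVENTS is constructed test data
approximating what a host running the sample might log.
"""

SAMPLE = r"C:\Users\victim\Downloads\belle_cracked.exe"  # constructed path

# Constructed events. "id" is the Windows/Sysmon event ID.
EVENTS = [
    {"id": 1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": SAMPLE,
     "CommandLine": "powershell.exe -ep bypass"},
    {"id": 11, "Image": SAMPLE,
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"id": 7, "Image": SAMPLE,
     "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"id": 11, "Image": SAMPLE,
     "TargetFilename": r"C:\Windows\System32\drivers\belle.sys"},
    {"id": 7045, "ServiceName": "BelleSvc",
     "ImagePath": r"C:\Windows\System32\drivers\belle.sys"},
    {"id": 4663, "ProcessName": SAMPLE,
     "ObjectName": r"C:\Users\victim\AppData\Roaming\Microsoft\Protect\CREDHIST"},
    # Benign noise: explorer loading a system DLL must not produce a hit.
    {"id": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll"},
]

# Credential Manager material lives under these profile paths (assumption:
# CREDHIST under Protect is what the report's signature refers to).
CRED_STORE_MARKERS = ("\\microsoft\\credentials\\", "\\microsoft\\protect\\")


def hunt(events, sample=SAMPLE):
    """Return (signature name, event) pairs for every matching event."""
    hits = []
    dropped = set()  # lower-cased paths the sample wrote, for the DLL rule
    for ev in events:
        eid = ev["id"]
        if (eid == 1 and ev["Image"].lower().endswith("\\powershell.exe")
                and ev.get("ParentImage") == sample):
            hits.append(("Command and Scripting Interpreter: PowerShell", ev))
        elif eid == 11 and ev.get("Image") == sample:
            target = ev["TargetFilename"].lower()
            dropped.add(target)
            if "\\system32\\drivers\\" in target:
                hits.append(("Drops file in Drivers directory", ev))
        elif eid == 7 and ev.get("ImageLoaded", "").lower() in dropped:
            hits.append(("Loads dropped DLL", ev))
        elif eid == 7045:
            hits.append(("Creates new service(s)", ev))
        elif (eid == 4663 and ev.get("ProcessName") == sample
                and any(m in ev["ObjectName"].lower() for m in CRED_STORE_MARKERS)):
            hits.append(("Credentials from Password Stores: "
                         "Windows Credential Manager", ev))
    return hits


def summarize(hits):
    """Distinct signature names, sorted, for a quick verdict line."""
    return sorted({name for name, _ in hits})


if __name__ == "__main__":
    for name, ev in hunt(EVENTS):
        print(f"[{ev['id']:>4}] {name}")
    print("signatures:", ", ".join(summarize(hunt(EVENTS))))
```

Ordering matters for the correlation rule: an image-load event that precedes the file-create event for the same path is not flagged, so feed events in timestamp order.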

MITRE ATT&CK Enterprise v16

Tasks