b69a4fef963a0d91d405a3f2094581ef22bfe0e6aa0c67a10eb560a683f6e606 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

ketamine.exe

windows7-x64

7

ketamine.exe

windows10-1703-x64

7

ketamine.exe

windows7-x64

7

ketamine.exe

windows10-2004-x64

8

ketamine.exe

windows11-21h2-x64

8

Sharing

General

Target

ketamine.exe
Size

25.8MB
Sample

240701-m9sl5a1fkn
MD5

7b513480b32c6038e61413461664063c
SHA1

e12e1f035da33f435ac5723e59502f2a0a4345de
SHA256

b69a4fef963a0d91d405a3f2094581ef22bfe0e6aa0c67a10eb560a683f6e606
SHA512

b16c36a2bf5587c8b72ec2ff56e20f3b09d1880d6592ce83f9f7442ce1705f7b553c314f2890a7fc1a47c0d0675d7836602d0600ef2627ade83432d9852d3655
SSDEEP

393216:to9DM45UUDtSJurEUWjagZewBm6bjHTw6:S9N6cYdb9ZewBmUHJ

Score

8^/10

execution persistence privilege_escalation pyinstaller spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ketamine.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

ketamine.exe

Resource

win10-20240404-en

windows10-1703-x64

6 signatures

300 seconds

Behavioral task

behavioral3

Sample

ketamine.exe

Resource

win7-20240611-en

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral4

Sample

ketamine.exe

Resource

win10v2004-20240508-en

execution persistence privilege_escalation spyware stealer upx

windows10-2004-x64

11 signatures

300 seconds

Behavioral task

behavioral5

Sample

ketamine.exe

Resource

win11-20240611-en

execution persistence privilege_escalation spyware stealer upx

windows11-21h2-x64

11 signatures

300 seconds

Malware Config

Targets

- Target
  
  ketamine.exe
- Size
  
  25.8MB
- MD5
  
  7b513480b32c6038e61413461664063c
- SHA1
  
  e12e1f035da33f435ac5723e59502f2a0a4345de
- SHA256
  
  b69a4fef963a0d91d405a3f2094581ef22bfe0e6aa0c67a10eb560a683f6e606
- SHA512
  
  b16c36a2bf5587c8b72ec2ff56e20f3b09d1880d6592ce83f9f7442ce1705f7b553c314f2890a7fc1a47c0d0675d7836602d0600ef2627ade83432d9852d3655
- SSDEEP
  
  393216:to9DM45UUDtSJurEUWjagZewBm6bjHTw6:S9N6cYdb9ZewBmUHJ
Score

8^/10

upx execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

executionpersistenceprivilege_escalationspywarestealerupx

behavioral5

executionpersistenceprivilege_escalationspywarestealerupx

© 2018-2024

Terms | Privacy