Resubmissions

  • 22-01-2021 13:50  210122-8mzgcvqz7j  8
  • 22-01-2021 13:30  210122-9kfvyp6lrx  8
  • 22-01-2021 13:27  210122-t61ddv7plj  10

General

  • Target: 5984545316044800.zip.zip
  • Size: 5MB
  • Sample: 210122-9kfvyp6lrx
  • MD5: e63db582a4592a524904d108ac44f607
  • SHA1: 9e834dc9c070c97af2ceb1a9b5827a2c74e7c658
  • SHA256: 9899d0f860f8097ccd07091a40d88a6f79cb92c8b9c2917845cc1d329ba85a71
  • SHA512: 07315a42ff7176c78483f51978ee0c68734a4c0ba15c082ea6c73f6bc9ab28848468d9993082867ddde58f0da7a8be9d0989ddaf000bf5950b73299d35a3c656

Score
8/10

Malware Config

Targets

    • Target: 06456edb20ab947356811ad8ce3a16ae3ea702342163b67907217a3d28b6d698
    • Size: 7MB
    • MD5: d88626469337e68200907f9c3573eb04
    • SHA1: 9ac4991a8518166ac9b11bfca02045ba1c7822fd
    • SHA256: 06456edb20ab947356811ad8ce3a16ae3ea702342163b67907217a3d28b6d698
    • SHA512: e6fbd55aeecf8d03bb621311918ddff34ed254ed580e4d2ce2d254f23c6dcfadb64f6701e61bd921042100f7f06ee112d7348d8c7ff0ba014a2a2ea8d8e28175

    Score
    8/10

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 1 occurrence
  • Discovery: Query Registry (T1012), 1 occurrence
  • Collection: Data from Local System (T1005), 1 occurrence

Tasks