General

  • Target

    1e949d5238fbf2ade45c91bb54de22ea.exe

  • Size

    590KB

  • Sample

    210408-2qzl8lz3cx

  • MD5

    1e949d5238fbf2ade45c91bb54de22ea

  • SHA1

    2e72856da91bde014732628119407d637c97a283

  • SHA256

    01469064718c89b6853365f1c7008c72ccd6a1ecb88a52cfcf82880e39dd0358

  • SHA512

    253007a3c0071e7a16e554ef7beb54b7e4875503e0074886793e34d9c3a77f00f744659755f5ea48187697006e3e6f0482bc3d5f1276ccef17433685a57ea236

Malware Config

Targets

    • Target

      1e949d5238fbf2ade45c91bb54de22ea.exe

    • Size

      590KB

    • MD5

      1e949d5238fbf2ade45c91bb54de22ea

    • SHA1

      2e72856da91bde014732628119407d637c97a283

    • SHA256

      01469064718c89b6853365f1c7008c72ccd6a1ecb88a52cfcf82880e39dd0358

    • SHA512

      253007a3c0071e7a16e554ef7beb54b7e4875503e0074886793e34d9c3a77f00f744659755f5ea48187697006e3e6f0482bc3d5f1276ccef17433685a57ea236

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other user data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry: T1112 (2)
    Install Root Certificate: T1130 (1)

  • Credential Access

    Credentials in Files: T1081 (2)

  • Discovery

    Query Registry: T1012 (3)
    System Information Discovery: T1082 (3)

  • Collection

    Data from Local System: T1005 (2)

  • Command and Control

    Web Service: T1102 (1)

Tasks