General

  • Target

    vmeo.exe

  • Size

    1.6MB

  • Sample

    210412-zdx6vhs8vs

  • MD5

    680db8071c092a79396fa2a44e710d70

  • SHA1

    4f16d9dae64d87dcb25a9a4521930e055df4042e

  • SHA256

    e221a9a50a4c2492f5fbd710cddc97c63ea9247f6e6c0ba1893e12a9ca608395

  • SHA512

    d91bd6268a75c2d0435786d406dee95c5585ac94207d66fe019d506391a98af400a26548d7a24593864e46f646054881e65e10662d07960e41bd3e8fa6ed6fcf

Malware Config

Targets

    • Target

      vmeo.exe

    • Size

      1.6MB

    • MD5

      680db8071c092a79396fa2a44e710d70

    • SHA1

      4f16d9dae64d87dcb25a9a4521930e055df4042e

    • SHA256

      e221a9a50a4c2492f5fbd710cddc97c63ea9247f6e6c0ba1893e12a9ca608395

    • SHA512

      d91bd6268a75c2d0435786d406dee95c5585ac94207d66fe019d506391a98af400a26548d7a24593864e46f646054881e65e10662d07960e41bd3e8fa6ed6fcf

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and other session material.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and its WOW6432Node counterpart on 64-bit Windows) to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Outside debuggers it is rarely used legitimately; process injection and hollowing loaders use it to redirect a thread into injected code.
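
The four signatures above can be turned into host-side detection logic. The following is an added example, not part of the sandbox report or its tooling: it runs simple rules over constructed JSON telemetry (the field names event, pid, process, target, api and target_pid are assumptions of this example, not a real EDR or Sysmon schema) and tallies the hits per ATT&CK technique the way the report's matrix does.

```python
"""Turn the sandbox signatures into a small host-telemetry detector.

Added example, not part of the sandbox report.  The telemetry below is
constructed JSON, not real EDR/Sysmon output; the field names (event, pid,
process, target, api, target_pid) are assumptions of this example.
"""
import json
import re
from collections import Counter, defaultdict

# Constructed events for a hypothetical run of vmeo.exe (pid 4242) plus
# benign noise from explorer.exe.  Backslashes are doubled for JSON.
SAMPLE_EVENTS = r"""
{"event": "file_read", "pid": 4242, "process": "vmeo.exe", "target": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"event": "file_read", "pid": 4242, "process": "vmeo.exe", "target": "C:\\Users\\alice\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1.default\\logins.json"}
{"event": "file_read", "pid": 4242, "process": "vmeo.exe", "target": "C:\\Users\\alice\\AppData\\Roaming\\Bitcoin\\wallet.dat"}
{"event": "file_read", "pid": 4242, "process": "vmeo.exe", "target": "C:\\Users\\alice\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"}
{"event": "reg_open", "pid": 4242, "process": "vmeo.exe", "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"event": "reg_open", "pid": 4242, "process": "vmeo.exe", "target": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"event": "api_call", "pid": 4242, "process": "vmeo.exe", "api": "SetThreadContext", "target_pid": 5100}
{"event": "file_read", "pid": 1337, "process": "explorer.exe", "target": "C:\\Users\\alice\\Documents\\notes.docx"}
{"event": "reg_open", "pid": 1337, "process": "explorer.exe", "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"}
{"event": "api_call", "pid": 1337, "process": "explorer.exe", "api": "SetThreadContext", "target_pid": 1337}
"""

# (signature name as in the report, regex on the target path, ATT&CK v6 IDs
#  as mapped in the report's matrix)
FILE_RULES = [
    ("Reads user/profile data of web browsers",
     re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\"
                r"|\\Mozilla\\Firefox\\Profiles\\", re.I),
     ("T1081", "T1005")),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     re.compile(r"\\wallet\.dat$|\\(Exodus|Electrum|Ethereum|Atomic)\\", re.I),
     ("T1081", "T1005")),
]
REG_RULES = [
    ("Checks installed software on the system",
     # Matches the native key and the WOW6432Node view on 64-bit Windows.
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
     ("T1012",)),
]


def parse_events(text):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def match_event(ev):
    """Return the (signature, techniques) pairs a single event triggers."""
    hits = []
    target = ev.get("target", "")
    if ev["event"] == "file_read":
        hits += [(name, techs) for name, pat, techs in FILE_RULES if pat.search(target)]
    elif ev["event"] == "reg_open":
        hits += [(name, techs) for name, pat, techs in REG_RULES if pat.search(target)]
    elif ev["event"] == "api_call" and ev.get("api") == "SetThreadContext":
        # Only cross-process use is flagged: that is the pattern of an
        # injection/hollowing loader.  The report lists this signature
        # without an ATT&CK mapping, so no technique ID is attached.
        if ev.get("target_pid") != ev["pid"]:
            hits.append(("Suspicious use of SetThreadContext", ()))
    return hits


def triage(text):
    """Group fired signatures by process name, each signature counted once."""
    fired = defaultdict(set)
    for ev in parse_events(text):
        for hit in match_event(ev):
            fired[ev["process"]].add(hit)
    return {proc: sorted(sigs) for proc, sigs in fired.items()}


def attack_matrix(signatures):
    """Count fired signatures per ATT&CK technique ID, as the report's matrix does."""
    counts = Counter()
    for _name, techs in signatures:
        counts.update(techs)
    return dict(counts)


if __name__ == "__main__":
    findings = triage(SAMPLE_EVENTS)
    print(json.dumps(findings, indent=2))
    print(attack_matrix(findings.get("vmeo.exe", [])))
```

On the constructed input only vmeo.exe fires: all four signatures, and the per-technique tally comes out as T1081: 2, T1005: 2, T1012: 1, which is exactly the matrix the report shows. explorer.exe reads a document, opens an unrelated registry key and calls SetThreadContext on its own pid, so it produces nothing; the self-pid check is what keeps the last rule from flagging every process that touches its own threads.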

MITRE ATT&CK Matrix ATT&CK v6

  Tactic              Technique                 Signatures   ID
  Credential Access   Credentials in Files      2            T1081
  Discovery           Query Registry            1            T1012
  Collection          Data from Local System    2            T1005
Tasks