General

  • Target

    2942374610000000.zip

  • Size

    4.5MB

  • Sample

    210421-vkwh8b3v2j

  • MD5

    d43059e2360a026564d008745c1b52b2

  • SHA1

    ced02a29d3b0698b17688743c2aa21cbef5881fc

  • SHA256

    c87e91767ee0a53a7a626ca6fe62c2cb507d6f97b50366691269aea7b2c70345

  • SHA512

    9a7182db6d1595abb4673b223c2355979e659a5b895699c00da52b21237dc1a81d5d8bc642e0fc4b871ecb1cfba2b821f5de33fcb2195d6c26813061ff26dce0

Malware Config

Targets

    • Target

      2942374610000000.exe

    • Size

      5.0MB

    • MD5

      59498885737e7cb3114a58df9d6ba36a

    • SHA1

      a826024a0cde1262dd37e6ee7542fabc12d3e8e7

    • SHA256

      f98c7b0c2c4618d63c38d0c9f7bdc1085e4008296568ee5519ad44e7a3145080

    • SHA512

      67603e79638e085239d4d8a012d202f89678510779fe23e05f3b3341a04b5d5184daf781f3bb8f693ec83980f3d5cc6158fa2c81c5f5f09c1be288e5db100126

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic, technique, number of matched behaviours and technique ID:

  • Persistence

    Registry Run Keys / Startup Folder (T1060), count 1

  • Defense Evasion

    Modify Registry (T1112), count 4

  • Credential Access

    Credentials in Files (T1081), count 1

  • Discovery

    System Information Discovery (T1082), count 1

  • Collection

    Data from Local System (T1005), count 1

Tasks