General

  • Target

    install.exe

  • Size

    7.0MB

  • Sample

    210621-evft5cvk1j

  • MD5

    a2aa04d1e39c3209a11cbcf4f74c2896

  • SHA1

    525b1b0935761fdd6c705cbf8e473dd7bc17bbec

  • SHA256

    a14a5bd355a6ee545e70cd1cdcfcba9b069bc200a0e85354434e91bfc79a4dbd

  • SHA512

    f1d579561d720bfb6e02423e55091b8e9612813718e29f132c1b6bed44d48ca5347c56aba7e344ae9a767e87eb6e0ba36972e1c757e46445f7920f7433fcb6d9

Malware Config

Targets

    • Registers COM server for autorun

    • Windows security bypass

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                 Technique                            Count  ID
Execution              Scheduled Task                       1      T1053
Persistence            Registry Run Keys / Startup Folder   1      T1060
Persistence            Browser Extensions                   1      T1176
Persistence            Scheduled Task                       1      T1053
Privilege Escalation   Scheduled Task                       1      T1053
Defense Evasion        Disabling Security Tools             1      T1089
Defense Evasion        Modify Registry                      3      T1112
Credential Access      Credentials in Files                 1      T1081
Discovery              Query Registry                       3      T1012
Discovery              System Information Discovery         3      T1082
Collection             Data from Local System               1      T1005

Tasks