General

  • Target

    977e58eeed2abd4a02e40be131d88b5b

  • Size

    457KB

  • Sample

    210722-mgb8c9vtkx

  • MD5

    977e58eeed2abd4a02e40be131d88b5b

  • SHA1

    0f15fb8159919b246fa1d9ade78043cc6459721a

  • SHA256

    d2bab01fe3f3615831a146acbe0b099deb680545132eb28a0f1e42e37aa3870b

  • SHA512

    e756730aba47984cabf6249a3a35753d823dfde398357f771d61fed47160bfc7d0502e0fdf67fa5fe683eb693c946c4d681660d87f4fd954108c8a0bc0f9edac

Malware Config

Targets

    • Target

      977e58eeed2abd4a02e40be131d88b5b

    • Size

      457KB

    • MD5

      977e58eeed2abd4a02e40be131d88b5b

    • SHA1

      0f15fb8159919b246fa1d9ade78043cc6459721a

    • SHA256

      d2bab01fe3f3615831a146acbe0b099deb680545132eb28a0f1e42e37aa3870b

    • SHA512

      e756730aba47984cabf6249a3a35753d823dfde398357f771d61fed47160bfc7d0502e0fdf67fa5fe683eb693c946c4d681660d87f4fd954108c8a0bc0f9edac

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Discovery

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Persistence

                Privilege Escalation