Resubmissions

  • 14-09-2021 09:52  210914-lv85wsaebj  10

  • 09-07-2021 18:31  210709-dplxbpw8y2  10

General

  • Target

    bf4ca3ef810bbc866015723e09cdfb7b.exe

  • Size

    476KB

  • Sample

    210914-lv85wsaebj

  • MD5

    bf4ca3ef810bbc866015723e09cdfb7b

  • SHA1

    b1ef1b47cb790ee88866d31bb09929a516e36caf

  • SHA256

    70707206bfdc0b86a9494f7780c55829e993a93a7d65d0279bc9c73b97ffc005

  • SHA512

    1fdac4d5fc922265871ac741fb3241e28307e6c52297e515e8e5aaeb85c9fb2c88183a3a0f080c4ae9e53e1553064d9308a74b5888b8c42f813e395c09aa45b8

Malware Config

Targets

    • Modifies system executable filetype association

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence: Change Default File Association (1) T1042

  • Defense Evasion: Modify Registry (1) T1112

  • Credential Access: Credentials in Files (1) T1081

  • Discovery: System Information Discovery (1) T1082

  • Collection: Data from Local System (1) T1005

Tasks