Resubmissions

06-12-2021 10:42

211206-mrvzjadggm 10

18-11-2021 09:01

211118-kyyynafbd7 7

18-11-2021 08:53

211118-ktap9scbam 7

General

  • Target

    2098765234567890987660.E.exe

  • Size

    759KB

  • Sample

    211118-ktap9scbam

  • MD5

    bbbf28c148eb325812183d91d8e8a239

  • SHA1

    ba7612abff608b6dd038acfb43a31741329e007c

  • SHA256

    caa0fa101c0ee313ae591239f18dcd8fc37cb235af7dfb2e9de350d7f448d34b

  • SHA512

    852c5aedfc4090559d50ea136aeb6270308766585acb49054f64c570af1011e26b295d681064cbe00d227b3d4dbfd0cc2a34d1113052eb5cc097dbde925978bc

Malware Config

Targets

    • Target

      2098765234567890987660.E.exe

    • Size

      759KB

    • MD5

      bbbf28c148eb325812183d91d8e8a239

    • SHA1

      ba7612abff608b6dd038acfb43a31741329e007c

    • SHA256

      caa0fa101c0ee313ae591239f18dcd8fc37cb235af7dfb2e9de350d7f448d34b

    • SHA512

      852c5aedfc4090559d50ea136aeb6270308766585acb49054f64c570af1011e26b295d681064cbe00d227b3d4dbfd0cc2a34d1113052eb5cc097dbde925978bc

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks