General

  • Size

    37MB

  • Sample

    220220-wnqp3sbeh6

  • MD5

    4f709e1c6951bbd65d03a9f44961e0ae

  • SHA1

    b228bc6e3572f714ace26b19b9383691684e18f2

  • SHA256

    f266a09389e628b992560b33d50f91f022a89976cc80fa580cf780c40a74c9fa

  • SHA512

    e1a67c87bbde1b7615d3d8321734d9d4ad7a3a626b8912b27b28f4c2c85ddf85162edc62b40b7cf9377936c2d90b63a9b676a546a1ce50417e4ec32460802e7d

Malware Config

Targets

    • Target

      Fruit_of_the_ace_v3.11.99.mal

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation