General

  • Target: 9a72e56ac0f1badd3ca761b53e9998a7e0525f2055dbec01d867f62bdb30418e
  • Size: 737KB
  • Sample: 220228-dvy1xsdac5
  • MD5: 22840909e11530390e8f74c6a162ded1
  • SHA1: 78d82f0ff396393e958553f25a47145916ea4e39
  • SHA256: 9a72e56ac0f1badd3ca761b53e9998a7e0525f2055dbec01d867f62bdb30418e
  • SHA512: 2a2214dc48b6942b19e439db189a9b2e7df6d91c26b24692fe370d552c70e828cb6d4ac344dc2fe36e08b0752e4ae8886f4d1f3f45970a65eaebae2d3069c130

Malware Config

Targets

    • Target: 9a72e56ac0f1badd3ca761b53e9998a7e0525f2055dbec01d867f62bdb30418e
    • Size: 737KB
    • MD5: 22840909e11530390e8f74c6a162ded1
    • SHA1: 78d82f0ff396393e958553f25a47145916ea4e39
    • SHA256: 9a72e56ac0f1badd3ca761b53e9998a7e0525f2055dbec01d867f62bdb30418e
    • SHA512: 2a2214dc48b6942b19e439db189a9b2e7df6d91c26b24692fe370d552c70e828cb6d4ac344dc2fe36e08b0752e4ae8886f4d1f3f45970a65eaebae2d3069c130

    • OutSteel
      OutSteel is a file uploader and document stealer written in AutoIT.

    • OutSteel batch script
      Detects the batch script dropped by OutSteel.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Deletes itself

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.

    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable
      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      Count  ID
  Credential Access  Credentials in Files           1      T1081
  Discovery          Query Registry                 3      T1012
  Discovery          Peripheral Device Discovery    1      T1120
  Discovery          System Information Discovery   3      T1082
  Collection         Data from Local System         1      T1005

Tasks