General

  • Target

    0a90fcb89e5c36783d14359dfd0d2462.exe

  • Size

    2MB

  • Sample

    220411-h3sw4aedg9

  • MD5

    0a90fcb89e5c36783d14359dfd0d2462

  • SHA1

    2ff0e1a4c591dfc6182c4f58209ae02210abff86

  • SHA256

    09bbc753aa0ac277e42418b81587e1362c5dea6798432b3f589f0dae187d7953

  • SHA512

    bf043ddd6c6c4ac363d4f62399be6eb396f6f8ece8310cd4164eaf7109a62c5e44b7f2a3e1eb75f47f8c11942dc7a47f25680f6ffd4314212f563dcea0f46b81

Malware Config

Targets

    • Target

      0a90fcb89e5c36783d14359dfd0d2462.exe

    • Size

      2MB

    • MD5

      0a90fcb89e5c36783d14359dfd0d2462

    • SHA1

      2ff0e1a4c591dfc6182c4f58209ae02210abff86

    • SHA256

      09bbc753aa0ac277e42418b81587e1362c5dea6798432b3f589f0dae187d7953

    • SHA512

      bf043ddd6c6c4ac363d4f62399be6eb396f6f8ece8310cd4164eaf7109a62c5e44b7f2a3e1eb75f47f8c11942dc7a47f25680f6ffd4314212f563dcea0f46b81

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

Looks up the country code configured in the registry, most likely as a geofence (the sample can refuse to run in certain regions).

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers commonly target stored browser profile data, which can include saved credentials and similar sensitive material.

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2
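Two of the items above are worth reproducing locally before trusting a report: the published hashes, and the "UPX packed file" verdict. The following is an added example (my own triage helper, not the sandbox's code) that verifies a local copy of the sample against the four digests listed in the General section and walks the PE section table looking for the UPX0/UPX1 layout that stock UPX produces. The stub-PE builder exists only to give the parser a constructed input; it is not derived from the real sample.

```python
"""Triage helpers for the report above (added example, not the sandbox's own code):
verify a local copy against the published hashes and inspect the PE section
table for the UPX packer layout that the "UPX packed file" signature refers to."""
import hashlib
import struct

# Digests exactly as listed in the General section of the report.
REPORTED_HASHES = {
    "md5": "0a90fcb89e5c36783d14359dfd0d2462",
    "sha1": "2ff0e1a4c591dfc6182c4f58209ae02210abff86",
    "sha256": "09bbc753aa0ac277e42418b81587e1362c5dea6798432b3f589f0dae187d7953",
    "sha512": "bf043ddd6c6c4ac363d4f62399be6eb396f6f8ece8310cd4164eaf7109a62c5e"
              "44b7f2a3e1eb75f47f8c11942dc7a47f25680f6ffd4314212f563dcea0f46b81",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report publishes for a sample."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, reported: dict) -> dict:
    """Compare computed digests against the reported ones, algorithm by algorithm.
    A partial match (e.g. MD5 only) is a red flag for a collided or mislabelled sample."""
    computed = hash_bytes(data)
    return {alg: computed[alg] == value.lower() for alg, value in reported.items()}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and return
    the section names. Raises ValueError on anything that is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt_hdr = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt_hdr                      # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]    # 8-byte Name field
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 and leaves a 'UPX!' marker; a modified
    build may rename the sections, so the marker is checked as a second heuristic."""
    by_name = any(n.upper().startswith("UPX") for n in pe_section_names(data))
    return by_name or b"UPX!" in data


def build_stub_pe(section_names) -> bytes:
    """Constructed input: a minimal, non-runnable PE header with the given section
    names, enough for the parser above. Not derived from the real sample."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)                 # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> PE header
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_stub_pe(["UPX0", "UPX1", ".rsrc"])
    print("hash match:", verify_hashes(blob, REPORTED_HASHES))
    print("sections:", pe_section_names(blob), "upx:", looks_upx_packed(blob))
```

Run it with the path to the downloaded sample as the only argument; with no argument it exercises the constructed stub instead. Renamed sections and a stripped marker will defeat both heuristics, which is exactly why the report's signature talks about "modified UPX": treat a negative here as inconclusive, not as proof the file is unpacked.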

MITRE ATT&CK Matrix (ATT&CK v6)

The number after each technique is the count of matched signatures mapped to it.

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 3

  • Collection

    Data from Local System (T1005): 1

  • Command and Control

    Web Service (T1102): 1
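The matrix above is only as good as the signature-to-technique mapping behind it, so it helps to see how such a mapping is built from raw observables. The block below is an added example (my own detection logic, not the sandbox's rules) that runs a small rule set over constructed sandbox-style registry and file events and reports which of the report's signatures each one satisfies. The registry values and browser file paths, and the technique each signature is mapped to, are my assumptions; the report does not state which keys or files its signatures match.

```python
"""Detection logic for the behavioural signatures in the report (added example, not
the sandbox's own rules). Runs over constructed sandbox-style events and reports
which signature and ATT&CK v6 technique each observable maps to."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    signature: str          # signature name as it appears in the report
    technique: str          # ATT&CK v6 ID; signature->technique mapping is an assumption
    ops: tuple              # event types the rule applies to (reads only, not writes)
    pattern: re.Pattern     # path the operation must touch


# The registry values and file paths below are assumptions about what each
# signature looks for; the exact keys the sandbox matches are not in the report.
RULES = (
    Rule("Checks computer location settings", "T1082", ("RegQueryValue",),
         re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    Rule("Checks whether UAC is enabled", "T1012", ("RegQueryValue",),
         re.compile(r"\\Policies\\System\\EnableLUA$", re.I)),
    Rule("Reads user/profile data of web browsers", "T1081", ("ReadFile",),
         re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$", re.I)),
)


def match_events(events):
    """events: iterable of (op, path). Returns a list of (signature, technique, path)
    for every event that satisfies a rule; events matching no rule are dropped."""
    hits = []
    for op, path in events:
        for rule in RULES:
            if op in rule.ops and rule.pattern.search(path):
                hits.append((rule.signature, rule.technique, path))
    return hits


def technique_counts(events):
    """Per-technique hit counts, the same shape as the report's ATT&CK matrix."""
    return dict(Counter(tech for _, tech, _ in match_events(events)))


# Constructed sandbox-style events (not taken from the real analysis run).
SAMPLE_EVENTS = [
    ("RegQueryValue", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    ("RegQueryValue", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
                      r"\Policies\System\EnableLUA"),
    ("ReadFile", r"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("ReadFile", r"C:\Users\admin\Desktop\notes.txt"),                      # benign read
    ("RegSetValue", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),  # write, not a lookup
]


if __name__ == "__main__":
    for sig, tech, path in match_events(SAMPLE_EVENTS):
        print(f"{tech}  {sig}: {path}")
    print(technique_counts(SAMPLE_EVENTS))
```

The rules deliberately key on the operation type as well as the path: a sample that writes the Geo\Nation value is doing something different from one that reads it, and folding both into "checks location settings" would inflate the Discovery count the same way an over-broad sandbox signature would.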

Tasks