General

  • Target: 2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8
  • Size: 2.2MB
  • Sample: 220415-kxdakahde9
  • MD5: 41d2d84306230b4b34fd9bba81c8c266
  • SHA1: b50404acbac5c7d8315fecd477a1d43ddf6e812e
  • SHA256: 2b9874c1a387cdd9bad50e5ecbb121bc5ac57afc1fcc5e830549641690f93aa8
  • SHA512: 0431136940780b6e9e4565c39e78a66b9c3a677dbd8cb0aad2b29c995c11001916931d402c332d480d4806463fa51c3ae3478a17f7724c7663374455c9221bc8

Malware Config

Targets

    • Meta Stealer

      Meta Stealer is a credential stealer, written in C++, that harvests passwords stored in browsers.

    • Executes dropped EXE

    • Modifies file permissions

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks