General

  • Target

    eef638c058f44481d29fb8b763af94001c632cea7b8b801218de99b8a0750ed0

  • Size

    557KB

  • Sample

    220415-p5qm3sdad8

  • MD5

    a9c69fa0b7a1a2a72928c83bf48cea3e

  • SHA1

    7cf88e28f6a0e12953a89aba86cc1dea8794f27e

  • SHA256

    eef638c058f44481d29fb8b763af94001c632cea7b8b801218de99b8a0750ed0

  • SHA512

    de5e3403104d78951505c03e51c6ae7526612a844ebc4e989d4faf8bf8138fa9f3afcc39d80ac1d224dd1f95dfcd215cb12407273e90dc409e48908417513e5b

Score
10/10

Malware Config

Targets

    • Meta Stealer (Stealer)

      Meta Stealer, written in C++, steals passwords stored in browsers.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks