Resubmissions

03-05-2022 13:05

220503-qbj4wafba7 8

20-04-2022 06:43

220420-hgxcdshgam 8

General

  • Target

    8fba92e7730c734197c8e5977533df77.exe

  • Size

    975KB

  • Sample

    220420-hgxcdshgam

  • MD5

    8fba92e7730c734197c8e5977533df77

  • SHA1

    8106d808d0199d230b5943f15b1d85d05334d3ea

  • SHA256

    72cb26ac08fa4ba35112a093b506eb97f730537f9a011a20ad8049d4da6fcb77

  • SHA512

    ab1e7246e219b63b65082de10be4f6880bee0e1b04a50722bb7a1b8cfa81853a5793f581decfc43b5f1cf02d01fdd4fa3bc047cbc28afc0f37f6f87b75b397bb

Malware Config

Targets

    • Target

      8fba92e7730c734197c8e5977533df77.exe

    • Size

      975KB

    • MD5

      8fba92e7730c734197c8e5977533df77

    • SHA1

      8106d808d0199d230b5943f15b1d85d05334d3ea

    • SHA256

      72cb26ac08fa4ba35112a093b506eb97f730537f9a011a20ad8049d4da6fcb77

    • SHA512

      ab1e7246e219b63b65082de10be4f6880bee0e1b04a50722bb7a1b8cfa81853a5793f581decfc43b5f1cf02d01fdd4fa3bc047cbc28afc0f37f6f87b75b397bb

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks