General

  • Target

    af395a3a35d12ab4f9955a9550224c210ad1297714270a96550ba65397b3214a

  • Size

    5.2MB

  • Sample

    220502-srmwtagae2

  • MD5

    e884174691d4097c7ae04b437cc03b74

  • SHA1

    ee9cfd12153e37d02e5c095189e364e42fe329ab

  • SHA256

    af395a3a35d12ab4f9955a9550224c210ad1297714270a96550ba65397b3214a

  • SHA512

    36b30067cf28c44be5b7da4920cda6e33f9029c701de2e142eba0538b06bcc7b8b03d065d7c099b15124cbad02da35dc5f18c3371cab0e8c83ff87fd00901440

Malware Config

Targets

    Score
    7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081) - 1 signature

  • Collection: Data from Local System (T1005) - 1 signature

  • Command and Control: Web Service (T1102) - 1 signature

Tasks