General

  • Target

    0x00060000000231dd-137.dat

  • Size

    301KB

  • Sample

    220506-seqf6saae3

  • MD5

    a28dd9f9e5e5b9cd4ed4678f272ae95b

  • SHA1

    8baf92898954d076879daf50bcd2b895ecd15f83

  • SHA256

    503f345095e5aa479b922a79aa479394a7ecedc9eba9d396a2a82c4649a479d1

  • SHA512

    a20b9661804f8b787434d70c7beccddef9a013bd76cab31f94e7da1162b8ed764e195d626e3ae7522e5f4581c169cd34ae190eb60f2b370859d2994f5ab7e310

Malware Config

Targets

    • Target

      0x00060000000231dd-137.dat

    • Size

      301KB

    • MD5

      a28dd9f9e5e5b9cd4ed4678f272ae95b

    • SHA1

      8baf92898954d076879daf50bcd2b895ecd15f83

    • SHA256

      503f345095e5aa479b922a79aa479394a7ecedc9eba9d396a2a82c4649a479d1

    • SHA512

      a20b9661804f8b787434d70c7beccddef9a013bd76cab31f94e7da1162b8ed764e195d626e3ae7522e5f4581c169cd34ae190eb60f2b370859d2994f5ab7e310

    • suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved

      suricata: ET MALWARE Vidar/Arkei/Megumin Stealer Keywords Retrieved

    • suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer

      suricata: ET MALWARE W32/Agent.OGR!tr.pws Stealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks