General

  • Target

    004a8cc310aff8ac66cdf102844ef37a728f54963eaaf083a82c3a18ae3021fa

  • Size

    632KB

  • Sample

    220516-zctt5sbbcm

  • MD5

    655803ae75ec3b85d18598bb56df3ae6

  • SHA1

    0b43f6dd5d6968d4fe3ee0cd97de5c60e7fd02b0

  • SHA256

    004a8cc310aff8ac66cdf102844ef37a728f54963eaaf083a82c3a18ae3021fa

  • SHA512

    6f96f2011cf72c97aa46f60988684d835a9442a7b83689710dc23a5bedf4efa4c7e96eb0b2a69dd673dc44d1bda0397b79b49578c62408f1e55bf5d7e0cb3c3e

Malware Config

Targets

    • Target

      004a8cc310aff8ac66cdf102844ef37a728f54963eaaf083a82c3a18ae3021fa

    • Size

      632KB

    • MD5

      655803ae75ec3b85d18598bb56df3ae6

    • SHA1

      0b43f6dd5d6968d4fe3ee0cd97de5c60e7fd02b0

    • SHA256

      004a8cc310aff8ac66cdf102844ef37a728f54963eaaf083a82c3a18ae3021fa

    • SHA512

      6f96f2011cf72c97aa46f60988684d835a9442a7b83689710dc23a5bedf4efa4c7e96eb0b2a69dd673dc44d1bda0397b79b49578c62408f1e55bf5d7e0cb3c3e

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Browser Extensions

1
T1176

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Collection

Data from Local System

1
T1005

Tasks