General

  • Target

    eca3684f68d645ee6e591345e53f514f15e88c2de59248a9c95895b56b24ff46

  • Size

    454KB

  • Sample

    220521-bmbvbafbbm

  • MD5

    fd14c17e1c5f6a0f03efd69865af68f0

  • SHA1

    1bb42707c96bb9bc95682a4cca08cf635ed99cd1

  • SHA256

    eca3684f68d645ee6e591345e53f514f15e88c2de59248a9c95895b56b24ff46

  • SHA512

    d6faedcd03e2affd903cda838ec3bd10ac3999860147a329ad21c2ad89f016b227763349c0229f7ac1e5856946a13e68625daebfd8a852492ec9ac5e92ed0531

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    alfons.anselmi@skeqmbh.at
  • Password:
    JesusChrist007

Targets

    • Target

      Products.exe

    • Size

      526KB

    • MD5

      63d386a24b5c94be1200a1ccbb3a65f3

    • SHA1

      79dc4e23ebfd6c230b36b51f6d38478718b6e411

    • SHA256

      5484437e5558ad4ab12238badc7596b612e8c2b64eec13ce4b378c5c88efd7c5

    • SHA512

      78e585533dfbf6526a2b4028fa4b682cb9fc98ea3da0fb1aab31bf44a715108331b8cc7b8a726cd371475327a9fab7c9b4d8fd86291d4880e2f91597357d0aa9

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

3
T1081

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Tasks