General

  • Target

    1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e

  • Size

    270KB

  • Sample

    220612-2tn2bseed6

  • MD5

    a937b808651c5278b0d41a24db7db03c

  • SHA1

    6101369439607b2b301d14321ae61b8590ac6070

  • SHA256

    1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e

  • SHA512

    64c0469533dd31e9a829d5208ea532ab3858ad8321f9626ba678fcad49d9857fc944f7a5cf2f90d33f1a002456dd42ba32775c73dd38726a8d1ed578e6005c26

Malware Config

Targets

    • Target

      1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e

    • Size

      270KB

    • MD5

      a937b808651c5278b0d41a24db7db03c

    • SHA1

      6101369439607b2b301d14321ae61b8590ac6070

    • SHA256

      1df4d4b68ddb2b438bdf3d3c19c317ae5fb2b15af5610ef781abf5329450374e

    • SHA512

      64c0469533dd31e9a829d5208ea532ab3858ad8321f9626ba678fcad49d9857fc944f7a5cf2f90d33f1a002456dd42ba32775c73dd38726a8d1ed578e6005c26

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks