General

  • Target

    3b7861cad786db67917fe2f1d3ef2f1bd0e2d380344daa3740e5e34c2933e73f

  • Size

    1.7MB

  • Sample

    220703-tvc2fsaea9

  • MD5

    42b20dcbd610b03d01a7a1aa6097e3c1

  • SHA1

    3eb62ee5d514f631f9c539f8e570f194454536e5

  • SHA256

    3b7861cad786db67917fe2f1d3ef2f1bd0e2d380344daa3740e5e34c2933e73f

  • SHA512

    4d2143582976afa1d8122db31a8840fa2c6f86090f3c1db9cb8764d4f845d9f57114828b0ad3ff4ad49061fd0c8a374a81d9f2638c395fe0c6128ed698bb3659

Malware Config

Targets

    • Target

      3b7861cad786db67917fe2f1d3ef2f1bd0e2d380344daa3740e5e34c2933e73f

    • Size

      1.7MB

    • MD5

      42b20dcbd610b03d01a7a1aa6097e3c1

    • SHA1

      3eb62ee5d514f631f9c539f8e570f194454536e5

    • SHA256

      3b7861cad786db67917fe2f1d3ef2f1bd0e2d380344daa3740e5e34c2933e73f

    • SHA512

      4d2143582976afa1d8122db31a8840fa2c6f86090f3c1db9cb8764d4f845d9f57114828b0ad3ff4ad49061fd0c8a374a81d9f2638c395fe0c6128ed698bb3659

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

1
T1091

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

1
T1005

Tasks