General

  • Target

    9650e457ef860fb26a87e6a855b511032e90400a222e5c72dcfe98c36e7793d6

  • Size

    3.6MB

  • Sample

    220703-vewdjahcep

  • MD5

    3b4fdd7d656bc22a62a692d324a91234

  • SHA1

    7483ca4e48ff7e06a21fa2c8cd7baee5697baac7

  • SHA256

    9650e457ef860fb26a87e6a855b511032e90400a222e5c72dcfe98c36e7793d6

  • SHA512

    c961124320251eaa271bf110b68b87aa7e88b70308c6ab8995754c683b26bd91813ce2eb202cbc548e0152fd89cd617da6ead8fb8c6dff310a0bb2a13bc667fb

Malware Config

Targets

    • Target

      9650e457ef860fb26a87e6a855b511032e90400a222e5c72dcfe98c36e7793d6

    • Size

      3.6MB

    • MD5

      3b4fdd7d656bc22a62a692d324a91234

    • SHA1

      7483ca4e48ff7e06a21fa2c8cd7baee5697baac7

    • SHA256

      9650e457ef860fb26a87e6a855b511032e90400a222e5c72dcfe98c36e7793d6

    • SHA512

      c961124320251eaa271bf110b68b87aa7e88b70308c6ab8995754c683b26bd91813ce2eb202cbc548e0152fd89cd617da6ead8fb8c6dff310a0bb2a13bc667fb

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens, autofill data and browsing history.

    • Adds Run key to start application

      A value under the Run key (HKCU or HKLM ...\CurrentVersion\Run) is executed at every logon, giving the sample persistence across reboots.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes: an autorun.inf on a removable drive names a program to launch when the volume is mounted or opened.
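The two persistence and spreading behaviours above (an autorun.inf dropped on a volume, and a Run-key entry) are both cheap to triage from artefacts pulled off a host. The script below is an added example, not code from the analysed sample or the sandbox: it parses an autorun.inf and reports every key that would launch a program, and parses a .reg export of a Run key and flags values whose binary lives in a user-writable location. Both inputs, the file names and the "user-writable" path markers are constructed for illustration.

```python
"""Triage helpers for two behaviours the report flags: an autorun.inf
dropped on a volume (T1091) and a Run-key persistence entry (T1060).
This is an added example, not code from the analysed sample or the
sandbox; all inputs below are constructed for illustration."""
import configparser
import re

# Constructed autorun.inf: every launch hook points at a binary on the volume.
SAMPLE_AUTORUN_INF = """[autorun]
open=RECYCLER\\update.exe
shellexecute=RECYCLER\\update.exe
shell\\open\\command=RECYCLER\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=Removable Disk
"""

# Constructed .reg export of HKCU\...\Run: one benign and one suspicious value.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"WindowsUpdate"="\"C:\\Users\\alice\\AppData\\Roaming\\svchost.exe\" -s"
"""

# autorun.inf keys that cause code execution when the volume is mounted/opened.
AUTORUN_EXEC_KEYS = ("open", "shellexecute")
# Assumed markers for locations a non-admin user can write to (illustrative list).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                         "\\public\\", "\\downloads\\")


def parse_autorun_inf(text):
    """Return the [autorun] section as a {key: value} dict (keys lowercased)."""
    # interpolation=None so '%SystemRoot%' is not treated as a configparser variable
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    for name in cp.sections():          # section name matched case-insensitively
        if name.lower() == "autorun":
            return dict(cp[name])
    return {}


def autorun_findings(text):
    """List (key, command) pairs for every entry that would execute on mount."""
    hits = []
    for key, value in parse_autorun_inf(text).items():
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in AUTORUN_EXEC_KEYS or is_shell_cmd:
            hits.append((key, value))
    return hits


# One REG_SZ line in a .reg file: "name"="data", with \\ and \" escapes inside.
_REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(s):
    """Undo .reg string escaping: '\\\\' -> '\\' and '\\"' -> '"'."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_run_key(reg_text):
    """Return {value_name: command} for string values under Run/RunOnce keys.
    Only REG_SZ ("name"="data") lines are handled; other value types are skipped."""
    entries, in_run = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run = line[1:-1].lower().endswith(("\\currentversion\\run",
                                                  "\\currentversion\\runonce"))
            continue
        m = _REG_VALUE.match(line)
        if in_run and m:
            entries[_unescape(m.group(1))] = _unescape(m.group(2))
    return entries


def _binary_path(command):
    """Extract the executable from a command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def suspicious_run_entries(entries):
    """Names of Run values whose binary lives in a user-writable location."""
    flagged = []
    for name, command in entries.items():
        path = _binary_path(command).lower()
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for key, cmd in autorun_findings(SAMPLE_AUTORUN_INF):
        print(f"autorun.inf launches: {key} -> {cmd}")
    run = parse_run_key(SAMPLE_REG_EXPORT)
    for name in suspicious_run_entries(run):
        print(f"suspicious Run value: {name} -> {run[name]}")
```

The Run-key check keys on where the binary lives rather than on the value name, because a dropper picks its own name (here a value called "WindowsUpdate" launching an svchost.exe from AppData). Feed it a `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` dump from a suspect host, and point the autorun parser at the root of any removable volume the host has seen.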

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                              Count  ID
  Initial Access      Replication Through Removable Media    1      T1091
  Persistence         Registry Run Keys / Startup Folder     1      T1060
  Defense Evasion     Modify Registry                        1      T1112
  Credential Access   Credentials in Files                   1      T1081
  Lateral Movement    Replication Through Removable Media    1      T1091
  Collection          Data from Local System                 1      T1005

  The IDs are ATT&CK v6 identifiers. In current ATT&CK versions T1060 has been replaced by the sub-technique T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1081 by T1552.001 (Unsecured Credentials: Credentials In Files); T1091, T1112 and T1005 are unchanged.
