General

  • Target

    570aac583377c5bb62a131a3a273412200b97e10a17836cc45a08a70f25943b4

  • Size

    1.0MB

  • Sample

    220725-a9n8gsgcaq

  • MD5

    4766d7c149eefc5d1acf45f7f0420fea

  • SHA1

    8cec1a8aca94288fed2c2bf387bac0bb790e02b8

  • SHA256

    570aac583377c5bb62a131a3a273412200b97e10a17836cc45a08a70f25943b4

  • SHA512

    4586af19b1fe27b5c3fecc59fa2cecc25420fd95f50058a64ef330f2f32f010092f6081744af7e63597a08122d3979925867670a33d5da260b7341a8b28ba1e6

Malware Config

Targets

    • Target

      570aac583377c5bb62a131a3a273412200b97e10a17836cc45a08a70f25943b4

    • Size

      1.0MB

    • MD5

      4766d7c149eefc5d1acf45f7f0420fea

    • SHA1

      8cec1a8aca94288fed2c2bf387bac0bb790e02b8

    • SHA256

      570aac583377c5bb62a131a3a273412200b97e10a17836cc45a08a70f25943b4

    • SHA512

      4586af19b1fe27b5c3fecc59fa2cecc25420fd95f50058a64ef330f2f32f010092f6081744af7e63597a08122d3979925867670a33d5da260b7341a8b28ba1e6

    • suricata: ET MALWARE Win32/Kelihos.F Checkin

      suricata: ET MALWARE Win32/Kelihos.F Checkin

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks