General

  • Target

    5700f1f8f5e4ba09e5f683945d4384f8f5e72c1a54e8f2beb4bfe1de1a5fbd1d

  • Size

    1.5MB

  • Sample

    220725-bd7kmagecp

  • MD5

    09a4ebcec4652bc093ce7d022dc4147e

  • SHA1

    364dc6e2491561bbc0135e4d7cdc54edb3d47bc4

  • SHA256

    5700f1f8f5e4ba09e5f683945d4384f8f5e72c1a54e8f2beb4bfe1de1a5fbd1d

  • SHA512

    f0b8c69bacd7727370d83bb6bd67bda2a0a6427a92413d8c6bc7b11fe912ceb886e1bfc07cfb11d48a6fe82f7e4f69e7a53258854c1a2cf132afdedabc9ca9d4

Malware Config

Targets

    • Target

      5700f1f8f5e4ba09e5f683945d4384f8f5e72c1a54e8f2beb4bfe1de1a5fbd1d

    • Size

      1.5MB

    • MD5

      09a4ebcec4652bc093ce7d022dc4147e

    • SHA1

      364dc6e2491561bbc0135e4d7cdc54edb3d47bc4

    • SHA256

      5700f1f8f5e4ba09e5f683945d4384f8f5e72c1a54e8f2beb4bfe1de1a5fbd1d

    • SHA512

      f0b8c69bacd7727370d83bb6bd67bda2a0a6427a92413d8c6bc7b11fe912ceb886e1bfc07cfb11d48a6fe82f7e4f69e7a53258854c1a2cf132afdedabc9ca9d4

    • suricata: ET MALWARE Win32/Kelihos.F Checkin

      suricata: ET MALWARE Win32/Kelihos.F Checkin

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks