General

  • Target

    FvzBAeFDuwBdp64U.exe

  • Size

    30.9MB

  • Sample

    220920-lg25esgbem

  • MD5

    5542452ea869f36e244b4e36778402e1

  • SHA1

    73428a883c9b9be7fa2232886518303930696cf0

  • SHA256

    2bcca57ec4a13d6eb8b4ef39929a5031720578fc26683637639eb1c2160cbec6

  • SHA512

    09d70f3b310f4573d6e46d6427bf35f3ec07a8e4781024114b7a3285d6e200887d7902c99b09fe3e963eaf807badf01fd2760e4e43f689b6ae239361364f4b0e

  • SSDEEP

    786432:Z2faUkc9ErUHWeGrugO4PyQpFANWWCoMQA3oQ892FO:QfNkc9EC2T5yYuyvv3YU

Malware Config

Targets

    • Target

      FvzBAeFDuwBdp64U.exe

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v6

Tasks