General

  • Target

    File.zip

  • Size

    7.0MB

  • Sample

    220923-gtj26adcf7

  • MD5

    17276aa1bd352f1e26e6406f5284df55

  • SHA1

    b2b0f0f0b51ccb5f46715991eabfb39bf00c1d41

  • SHA256

    ba03e3c5a1f373995f0af45ae59f9dec351fbe48d66b51445794b31b36d171ec

  • SHA512

    cc551fcf0a7c0b2e155f2bf2837574bb1c7422d5de40876a7d3aa33f1e2b4ceb7d8e0607c4f40179546ab2d2fe7c82b25a152ecc26e97844167d9254ffebde85

  • SSDEEP

    196608:TjfhnB6upbVCeZwYKWVzk4RJAcMXwXehvQfLiJXbAC:vZn0upxCeZTzDRfXeeZC

Targets

    • Target

      Install.exe

    • Size

      677.1MB (a 677 MB executable that packs into a 7.0 MB archive is almost entirely repetitive padding, a common trick for staying above the file-size limits of AV scanners and sandboxes)

    • MD5

      b8b8c49990bf51ebceaf590a63755776

    • SHA1

      5b22cceb421b9ec5c6dc8473f14536988219c772

    • SHA256

      6c946ff547598b2c441585c9aadb78dfa29ec5b8810e054b7781b07873575f3c

    • SHA512

      659120e29ef2626d7dbb267302dfc813258ed59387bb191521b0c99b2300feca532e50f10d902d1ba1bb096c454ae93d89448fe3dfff8be8f8bc13ab8a073ef8

    • SSDEEP

      98304:F1k4IbZ0ukBR72hXDQp4K9r8omQBCqXav4v5Hdvs58mU8DYfuDLA1cbGK9JP9Atz:F1k4ICukehe8oXCqXam3U5tcff8JP9A

    • PrivateLoader

      PrivateLoader is a downloader operated as a pay-per-install (PPI) service: customers pay to have their own payloads delivered to machines it has infected.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence (stay dormant or exit on hosts in excluded countries).

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data such as saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Contacts a legitimate public IP-lookup service to learn the infected host's external IP address.

    • Drops file in System32 directory

    • Target

      write.exe

    • Size

      11KB

    • MD5

      b947cca7f485f6c1156f4d02e8c9874f

    • SHA1

      9f184e48f17f104c6a476687e8e760a65a0326b5

    • SHA256

      a70d52eda892edc073932b462cc367cdbfbace3f4196857d8d4fa869a13de792

    • SHA512

      28c6ff32bc94aad8b201e469f854dde32cad9eb2e7a80ed858ac2ff99648312cecca06918bce96e8d905d52d5ebee076bd08d957f7933602c0c79d93ead20ee3

    • SSDEEP

      192:ZV89t7hglDCS8O3GbXdYFWihWxu/sWGOW:ZVM7hceSP3IXioxu/sWGOW

    • Score

      7/10

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence (stay dormant or exit on hosts in excluded countries).

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      Count  ID
  Credential Access  Credentials in Files           1      T1081
  Discovery          Query Registry                 3      T1012
  Discovery          System Information Discovery   4      T1082
  Discovery          Peripheral Device Discovery    1      T1120
  Collection         Data from Local System         1      T1005
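The following Python is an example added by the editor, not code from the sandbox, from PrivateLoader, or from any of the files in this report. It turns the report into something a practitioner can act on: the SHA256 values above as a lookup set, a size-ratio check for the padded Install.exe, and a small classifier that maps sandbox-style events onto the signature names the report lists. The event format, the registry path and file names the rules look for, the IP-lookup hosts, and the signature-to-ATT&CK mapping are all assumptions of this example; the report names none of them.

```python
"""Editor-added triage helpers for the sandbox report above.
Not code from the sandbox or from the samples it analysed.
Event format, rule targets and the signature->ATT&CK mapping are assumptions."""
import hashlib
import re
from typing import Optional

# SHA256 values copied from the report, keyed to the file they describe.
REPORT_SHA256 = {
    "ba03e3c5a1f373995f0af45ae59f9dec351fbe48d66b51445794b31b36d171ec": "File.zip",
    "6c946ff547598b2c441585c9aadb78dfa29ec5b8810e054b7781b07873575f3c": "Install.exe",
    "a70d52eda892edc073932b462cc367cdbfbace3f4196857d8d4fa869a13de792": "write.exe",
}


def sha256_of(data: bytes) -> str:
    """Hex SHA256 of an in-memory blob (hash real files in chunks instead)."""
    return hashlib.sha256(data).hexdigest()


def lookup_sha256(digest: str) -> Optional[str]:
    """Return the report's file name for a digest, or None if it is not an IOC."""
    return REPORT_SHA256.get(digest.lower())


def looks_padded(uncompressed_mb: float, archive_mb: float, ratio: float = 20.0) -> bool:
    """Heuristic (assumption): a PE that shrinks more than `ratio` x inside its
    archive is mostly repeated filler, the usual way droppers stay above scanner
    and sandbox size limits. Install.exe here: 677.1 MB in a 7.0 MB zip."""
    return archive_mb > 0 and uncompressed_mb / archive_mb >= ratio


# Behaviour rules: (signature name from the report, event type, regex on the
# event target). Paths and hosts are illustrative assumptions, not from the report.
RULES = [
    ("Checks computer location settings", "registry_query",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Reads user/profile data of web browsers", "file_read",
     re.compile(r"\\(Login Data|Web Data|logins\.json|cookies\.sqlite)$", re.I)),
    ("Looks up external IP address via web service", "http_request",
     re.compile(r"^https?://(api\.ipify\.org|ipinfo\.io|icanhazip\.com)(/|$)", re.I)),
    ("Drops file in System32 directory", "file_write",
     re.compile(r"^C:\\Windows\\System32\\[^\\]+$", re.I)),
]

# Assumed mapping of signatures onto the ATT&CK v6 IDs in the report's matrix.
# Signatures whose technique the matrix does not obviously cover map to nothing.
SIGNATURE_TO_ATTACK = {
    "Checks computer location settings": ["T1012", "T1082"],
    "Reads user/profile data of web browsers": ["T1005", "T1081"],
    "Looks up external IP address via web service": [],
    "Drops file in System32 directory": [],
}


def classify(events) -> list:
    """Run every rule over sandbox-style events ({'type': ..., 'target': ...})
    and return the matched signature names in report order, each at most once."""
    hits = []
    for name, etype, pattern in RULES:
        if any(e["type"] == etype and pattern.search(e["target"]) for e in events):
            hits.append(name)
    return hits


def attack_ids(signatures) -> list:
    """Collapse matched signatures into a sorted list of ATT&CK v6 technique IDs."""
    return sorted({tid for s in signatures for tid in SIGNATURE_TO_ATTACK.get(s, [])})


# Constructed events standing in for a sandbox trace of Install.exe (not real data).
SAMPLE_EVENTS = [
    {"type": "registry_query", "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "http_request", "target": "https://api.ipify.org/?format=text"},
    {"type": "file_write", "target": r"C:\Windows\System32\write.exe"},
    {"type": "file_read", "target": r"C:\Windows\System32\kernel32.dll"},  # benign, must not match
]

if __name__ == "__main__":
    print(lookup_sha256("6C946FF547598B2C441585C9AADB78DFA29EC5B8810E054B7781B07873575F3C"))
    print("padded:", looks_padded(677.1, 7.0))
    sigs = classify(SAMPLE_EVENTS)
    print(sigs, attack_ids(sigs))
```

The registry path in the first rule is the GeoID "Nation" value under Control Panel\International\Geo, which is where Windows keeps the configured country; a real detection would also cover the locale values nearby. The rules key on event type as well as target so that a benign read of a System32 DLL does not trigger the "drops file" rule.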