General

  • Target

    b2e11f3d169e554a69f6a457cc4629f75eae8b49c5e745f56546c248f140697a

  • Size

    491KB

  • Sample

    221003-xc951sbccm

  • MD5

    66ab374f3df96bf4e1f471d50b6d67a0

  • SHA1

    cc35340e17e2adb066f1cfe58d2d194d0a87c2f2

  • SHA256

    b2e11f3d169e554a69f6a457cc4629f75eae8b49c5e745f56546c248f140697a

  • SHA512

    5e953c2ba7d1a090ef5661e1d8768de93b932df466578d89fa3fa3eebb00bccaf70c3246e92edbf4bf0eca8574524818c1802f9d676ee84ab94ab5e086a515db

  • SSDEEP

    12288:mlHkkfPV9Ba2JiyC4bniHx7l9hRabnTWhx8U8z:mikfzBafyCg0l9Puahx2

Malware Config

Targets

    • Target

      b2e11f3d169e554a69f6a457cc4629f75eae8b49c5e745f56546c248f140697a

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the sample can avoid running in certain regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies, and similar session material.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks