General
-
Target
Document.zip
-
Size
5.7MB
-
Sample
221012-wn31eaefb6
-
MD5
00fe7c67c2f28e38cbbd95ad1c38ad82
-
SHA1
0de5c048ba27623904a62171682d38e22495b872
-
SHA256
f0e8ccd2f98ef6f6a4cf2282853e6418a8f3a8873d4eb7d25c5ff20b284d7414
-
SHA512
f45df1fef179701333a1fde4a133e4a12b2d64f86f1fc0766af2817f97bb6770e05d4cb881650d0891c63dcd815cd38fb99c78dee00ec7ce3734541fe2913896
-
SSDEEP
98304:THBDWThB8SStGYh6wmkQFZjseH2cjH//HKcExP4HrgvNSodXI/T+Okr242i:rJwzNSt+ZkUZ5HHj3KcmACMTDK
Static task
static1
Behavioral task
behavioral1
Sample
Document.zip
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Document.zip
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
file.iso
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
file.iso
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
Document.lnk
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
Document.lnk
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
file.bat
Resource
win7-20220901-en
Behavioral task
behavioral8
Sample
file.bat
Resource
win10v2004-20220812-en
Behavioral task
behavioral9
Sample
file.js
Resource
win7-20220901-en
Behavioral task
behavioral10
Sample
file.js
Resource
win10v2004-20220901-en
Behavioral task
behavioral11
Sample
uu.msi
Resource
win7-20220812-en
Behavioral task
behavioral12
Sample
uu.msi
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
Document.zip
Score
1/10
-
-
-
Target
file.iso
-
Size
6.0MB
-
MD5
e1e9ac408a47b99a37188d22b50905d8
-
SHA1
2a38bc508a5549c68d1817f2d7bac95cdfb57b54
-
SHA256
857bf238a4efbb5f6352f0467e29c1ef4fecbdf3bcb0f0461da9da80a7c0e842
-
SHA512
afa8a5ad6c69b086f3f0d53b45f44264b2d25dea09c97ce193194d2f7b6844f802c8b4d591e7bb61e17c66eb74517bbcd4971a214ddcb9e7cc94115c1e156bc5
-
SSDEEP
98304:XAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEg:h9mzytc/CKDllTllCeue6STzA
Score
3/10
-
-
-
Target
Document.lnk
-
Size
1KB
-
MD5
010cfd3c8c69c8fbd7ee6850b4631c1e
-
SHA1
f01f0fdd639c7dd1213ab90bd7c9f2a7f7bec4a9
-
SHA256
08e117ae6ef996ecdd65f19a62ab280a72db6c60d3453523916d77f60290896e
-
SHA512
347b0d690310f58d1099f0a104fa523a0d42888fc4c28e4e7d7c294590dbbc9546f771900b68084c33cb76a5aef45ea312f8b6f098e141a1fa79f39f12a7b37b
Score
3/10
-
-
-
Target
file.bat
-
Size
121B
-
MD5
f2dfe2d042da18133306eed955367273
-
SHA1
430ea7ed2c8fdfcd86d908c349e69e135b08cff8
-
SHA256
c7509974ecff20140e027d4212c996dc32ecbec7f13c03ff85f82286df6a01e7
-
SHA512
4df232226b4f5498ab17a1b9761ebba375975bc9cabe41636e99e1ec738379e64524197c90ba167ef3473ed42890e302e2a2e3dabfc6be595a814d2c64bb1426
Score
8/10
-
Blocklisted process makes network request
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
file.js
-
Size
98B
-
MD5
667c29aa9b9e16ab6f26021e4bb1882e
-
SHA1
c6a7af7f2dc8d94b0b194eb6449abec6df1dc14b
-
SHA256
a189d37a16340ff0686aa192b52ea53dd23804ed377f5c6a4f8bbf5f24c6a26f
-
SHA512
7afd4a1b6c0a02860c0251ba439284be2b66de45840a8947446e3eca2a14c45541e9776c1e822a93147b84c164efcd78739defc683fab8f587706db1bcd02979
Score
8/10
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
-
-
Target
uu.msi
-
Size
5.9MB
-
MD5
5a35d1da14c8bddf7fecfaefbf76a1b4
-
SHA1
536bddcecfec95b7c987fb9e248ba7c7da9b8944
-
SHA256
9fad7afeb555c95ba4f55ac3238e88eb098c7f9f1ab1796c930c5de54634801e
-
SHA512
e322b04665d46028c8167ada14c1bae8bd53eed04146f93406d01d4a9bd3a7204ac6e14a4bcb6a2e40b5bcef15f04c18542df084f019f4682461050288da735e
-
SSDEEP
98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEgT:w9mzytc/CKDllTllCeue6STzAT
Score
8/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Sets service image path in registry
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-