General

  • Target

    c7a114e54e2ce52679d4939e9157cded41182dbe9f4972202e4aee52704ac598

  • Size

    494KB

  • Sample

    221030-ck634sgdc4

  • MD5

    83f046f6f230a07eab101ed3331344f0

  • SHA1

    96b3f91c5078aa888e5891b7ec6535f0f3549d9c

  • SHA256

    c7a114e54e2ce52679d4939e9157cded41182dbe9f4972202e4aee52704ac598

  • SHA512

    fe0bf74b3d024bdd4223e16579923d9ae3b677fa11f5e625147cda79ea08376b040387a25b1317e205ceed4d537659de3b88ec68a9ff2a31a169aa0c8974062b

  • SSDEEP

    12288:gKd82tx6ZWoLX6sg8v4h3HMVt30pgz70B+YqykNuc:jhsxLXRY3sV67Fkl

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; malware commonly does this as a geofence, refusing to run on machines in selected regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Drops file in System32 directory
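
The signatures above name the host artifacts to look for but not where they live. The following is an added example, not part of the sandbox report and not this sample's own code: it parses a Windows .reg export and flags the Winlogon, Run-key and HideFileExt modifications the signatures describe, and reports the country-code value that the geofence check reads. The registry paths are the standard locations these signatures refer to; the embedded .reg text is constructed, and the specific values and file names in it (svchost32.exe, the WindowsUpdate Run entry, GeoID 244) are assumptions for illustration, not observations from this sample.

```python
"""Triage the registry artifacts implied by the sandbox signatures.

Added example. Parses a .reg export (a constructed sample is embedded
below) and flags persistence / defence-evasion writes. The key paths are
the well-known locations each signature refers to; the malicious values
are assumed, not taken from the analysed sample.
"""
import re

# Constructed .reg export: a clean baseline with a few malicious writes spliced in.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\Public\\svchost32.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"WindowsUpdate"="C:\\Users\\Public\\svchost32.exe"

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="244"
"""

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
ADVANCED = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
GEO = r"HKEY_CURRENT_USER\Control Panel\International\Geo"
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Stock Winlogon values (assumption: 64-bit Windows 10 defaults). Anything else
# means a program has been chained into the logon sequence.
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "Userinit": r"C:\Windows\system32\userinit.exe,"}
# Directories a non-admin dropper can write to; an autorun pointing here is suspicious.
USER_WRITABLE = ("\\users\\public\\", "\\appdata\\local\\temp\\", "\\programdata\\")


def parse_reg(text):
    """Return {key_path: {value_name: value}} from .reg export text.

    Handles REG_SZ (quoted, with \\ and \" escapes) and REG_DWORD (dword:hex).
    Other value types are kept as their raw text.
    """
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, raw = m.group(1), m.group(2)
            if raw.startswith("dword:"):
                value = int(raw[6:], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                value = raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            else:
                value = raw
            keys[current][name] = value
    return keys


def triage(keys):
    """Return a list of finding strings for the artifacts the signatures describe."""
    findings = []
    # "Modifies WinLogon for persistence": Shell/Userinit differ from defaults.
    for name, default in WINLOGON_DEFAULTS.items():
        val = keys.get(WINLOGON, {}).get(name)
        if val is not None and val.strip().lower() != default.lower():
            findings.append(f"winlogon:{name}={val}")
    # "Modifies visibility of file extensions in Explorer": HideFileExt=1 hides
    # extensions so a dropped "invoice.pdf.exe" shows as "invoice.pdf".
    if keys.get(ADVANCED, {}).get("HideFileExt") == 1:
        findings.append("explorer:HideFileExt=1")
    # "Adds Run key to start application": flag autoruns in user-writable paths
    # rather than every entry, so the benign OneDrive entry is not reported.
    for run in RUN_KEYS:
        for name, cmd in keys.get(run, {}).items():
            if any(p in str(cmd).lower() for p in USER_WRITABLE):
                findings.append(f"run:{name}={cmd}")
    # "Checks computer location settings": the sandbox sees a *read* of this
    # value, which an export cannot show; report it so the analyst can judge
    # whether the host falls inside the geofence (244 is Microsoft's GeoID for
    # the United States).
    nation = keys.get(GEO, {}).get("Nation")
    if nation is not None:
        findings.append(f"geo:Nation={nation}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_reg(SAMPLE_REG)):
        print(finding)
```

Run it against a real export with `reg export HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon winlogon.reg` and friends, then feed the concatenated text to `parse_reg`; exports from `reg.exe` are UTF-16, so open them with `encoding="utf-16"`. The Run-key heuristic deliberately keys on where the binary lives rather than on the value name, since names like "WindowsUpdate" are chosen to look legitimate.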

MITRE ATT&CK Enterprise v6
