General

  • Target

    0d6b90ee5101fc5019d9fe3b3482e9241b185d4b91a7234aa9b8df11141d459d

  • Size

    320KB

  • Sample

    221101-nqbd6scdeq

  • MD5

    22da9b54568583b43458e20a87d1d9ba

  • SHA1

    c3d867ec63129b11321ea82469039fb08a6bd007

  • SHA256

    0d6b90ee5101fc5019d9fe3b3482e9241b185d4b91a7234aa9b8df11141d459d

  • SHA512

    e6788b23c61a9e69955bc491e59f1a3c4d8e3840f720312b95fd1cb376524259161681b6ec31d1920883c93d5722c0a66cb31b102d34bef73149a9107eed5367

  • SSDEEP

    3072:IS5wZSaSp5AZDY5UV/0AoGItnut9Tf9LDIqxN6GuBHJuqQVggjcGkNIVqIs7:9wZSabZDY2/0mI4HfNDISNtCI/7ITsq

Malware Config

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks