General

  • Target: 28c0926299b71b731bbc95a8234402ec0bd8ff75d5b864ff745073066167504e

  • Size: 726KB

  • Sample: 221121-k9rnqagd5y

  • MD5: 20dd9aa2a9cfa494acf2afd16ae17250

  • SHA1: 007c0aa79e4ca88932a8d074d4f0c975cb35b482

  • SHA256: 28c0926299b71b731bbc95a8234402ec0bd8ff75d5b864ff745073066167504e

  • SHA512: 74c15328010cf23f98c2453089c5cb0c4a326b7eed2a1f57f1873dedc163c8d3feeb3f305e39d52a3f54551251ab2b7ad32813df7148c19211e606fb3c44a06d

  • SSDEEP: 12288:yK/8qz+sR3iVqrQsZyr6ArkwfO6FxOGqE/6+hrOpdcs1/0K8Rhtt89IsTWmle9B:yq8mR3iVqrQsZ9AYwjXog6+lOEs1/3C/

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory
