Resubmissions

23-11-2022 07:00

221123-hsvb6sed32 8

23-11-2022 06:57

221123-hrfsdsec63 8

23-11-2022 06:54

221123-hpk94aeb83 8

General

  • Target

    Impuestos-Documento_602959.rar

  • Size

    690KB

  • Sample

    221123-hsvb6sed32

  • MD5

    5b0e80869eed42c23f5384817c04761f

  • SHA1

    29d5e2bf179df514f8a6804bee7f27cc39408f4c

  • SHA256

    e345954cfc37f2b5eac48dadcb5d9b21a48a2397f33b7115d3138d79c9caf903

  • SHA512

    eaf7f8bb18463524c5f1ff372d4a9d0009e42d28d8252b4174ae9fd72c5c37d3447698af39ab27af2af89150a7e7188ec93b4ffe0010436653ed6ffc4f54e8a8

  • SSDEEP

    12288:dQdAqYoJbEJLVi+/wECs8qeqEZe8h6nKivA1WDjavY:GdAqHbAjZyvBsKL1Wnaw

Malware Config

Targets

    • Target

      Impuestos-Documento_602959.rar

    • Size

      690KB

    • MD5

      5b0e80869eed42c23f5384817c04761f

    • SHA1

      29d5e2bf179df514f8a6804bee7f27cc39408f4c

    • SHA256

      e345954cfc37f2b5eac48dadcb5d9b21a48a2397f33b7115d3138d79c9caf903

    • SHA512

      eaf7f8bb18463524c5f1ff372d4a9d0009e42d28d8252b4174ae9fd72c5c37d3447698af39ab27af2af89150a7e7188ec93b4ffe0010436653ed6ffc4f54e8a8

    • SSDEEP

      12288:dQdAqYoJbEJLVi+/wECs8qeqEZe8h6nKivA1WDjavY:GdAqHbAjZyvBsKL1Wnaw

    Score
    3/10
    • Target

      Impuestos-Documento.cmd

    • Size

      1.4MB

    • MD5

      f1e205f5c2af21d36963e2697e1e67d1

    • SHA1

      4923fa8bb19691db6df989d8ecb06d0536c0f551

    • SHA256

      2eb1053488d1655020ed6cbd8dc26040976573eb7e3b1aa92de19148111fc06e

    • SHA512

      2283f1e25d492d07870b41f4c6090647170302f5f08d8cceb7b56942f74da8673e58753051349eb8455d6cdf1466a787b7b590a539599f59807a200d30f7c087

    • SSDEEP

      24576:Mb0FVpeKWpAECJvaz35lCK1CjMzGbfJFQ9w9DI5Jb5ruQ3duLD:liKNtad10bQFhcLD

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks