General

  • Target

    0c3dfd73120cad98b4e02c48c903b5c3d529cb977fcd1a50889f7f01f7b57726

  • Size

    5.7MB

  • Sample

    221123-njz4ysha67

  • MD5

    2c415314c7861142f74e1639acc1fe05

  • SHA1

    cf99d8d4251067e19fa500e85c156c565c5582e5

  • SHA256

    0c3dfd73120cad98b4e02c48c903b5c3d529cb977fcd1a50889f7f01f7b57726

  • SHA512

    5ebfaebed20f396ecfa63ee3689b4498753bf5da7d990b650e97626a480cc12b0a79dab78e51b078c70a0b448acb52750cd41ea14db109934306e52816679f46

  • SSDEEP

    98304:aL+p957/mfkAb0JOyEmi+thHGAa0P9CQOGCfRJ2jlTDZ2l4wdcACdcruV95czZ:G89J/ANzywiJlgQNUJ2BTDYiqcAViVwt

Malware Config

Targets

    • Executes dropped EXE

    • Modifies AppInit DLL entries

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks