General

  • Target: file
  • Size: 7.3MB
  • Sample: 221123-srrvrsfb41
  • MD5: d7772af55ad86fd7e0d80b329232d4a0
  • SHA1: 91bd1a0568fe8f276fd60049412672cb349cd73b
  • SHA256: a30898a315160935891eaf5dc01eac7086e6a72e14dfb9f7be43835261f87290
  • SHA512: d2f4ec0885da71f43b2758d0b21266b53a30014e8d4775c3181d834ac3fb9f5b8acc6a0f549c52e4f40ecfadd1f5b6b70bdac6364492a68e007b6a4ccdbc2e71
  • SSDEEP: 196608:91OaKOEjiU9l5UOA0yU/MmtNSM3f7LoVf/Ui2g6n:3Oa8Hl5tA0yTmW8Lt8G

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks