General

  • Target

    c98c90fc50e3638cfc1edb4d4f9d8373477db758d4c100061e4d668cceeed368

  • Size

    2.5MB

  • Sample

    221124-x1f7vagg4t

  • MD5

    fcdc5133fafde64985b84c53249f5e47

  • SHA1

    8401f4cebb91e6e2eb5491e42456bfa43636377c

  • SHA256

    c98c90fc50e3638cfc1edb4d4f9d8373477db758d4c100061e4d668cceeed368

  • SHA512

    a712ca2e63097a72471c94b0dd88996c9323ba567f1f30ebd49318f2ca5165c95b71ed4d405d088b7499fb7d6d964b4d31dfca64494f9e7e28200d3ebe5c788f

  • SSDEEP

    49152:h1OsaTAHQDPTB3RnKWXUjuxZsHKddXx/WPKGL2ONrq8J8aUnbeZ9i:h1OpTAqMjuxZH/WpdU

Malware Config

Targets

    • Target

      c98c90fc50e3638cfc1edb4d4f9d8373477db758d4c100061e4d668cceeed368

    • Size

      2.5MB

    • MD5

      fcdc5133fafde64985b84c53249f5e47

    • SHA1

      8401f4cebb91e6e2eb5491e42456bfa43636377c

    • SHA256

      c98c90fc50e3638cfc1edb4d4f9d8373477db758d4c100061e4d668cceeed368

    • SHA512

      a712ca2e63097a72471c94b0dd88996c9323ba567f1f30ebd49318f2ca5165c95b71ed4d405d088b7499fb7d6d964b4d31dfca64494f9e7e28200d3ebe5c788f

    • SSDEEP

      49152:h1OsaTAHQDPTB3RnKWXUjuxZsHKddXx/WPKGL2ONrq8J8aUnbeZ9i:h1OpTAqMjuxZH/WpdU

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Browser Extensions

1
T1176

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks