General

  • Target

    c68178b1a835d9bbc40e25ae067a9fa248474f4dcf73168a859f3cdba2a26d11

  • Size

    2.5MB

  • Sample

    221124-x7p4bshb71

  • MD5

    d75197ad7e482d7d85eaa11480011beb

  • SHA1

    b7a115e34ca99ffb0ec7b9cc4011566ad918d403

  • SHA256

    c68178b1a835d9bbc40e25ae067a9fa248474f4dcf73168a859f3cdba2a26d11

  • SHA512

    0920d58c5e513eb65bed46d679e52b635d815ef9f4c4daf5271a12685433efced25bcccc04a03339f9f841174dee7efb0680bbbff837316b82e85a84df281a10

  • SSDEEP

    49152:h1OsaCpYO/dJJDHhs6oxRkNfehWfNs4VGufZ9JODSTz4bkw:h1Owly7kNfrNq4w

Malware Config

Targets

    • Target

      c68178b1a835d9bbc40e25ae067a9fa248474f4dcf73168a859f3cdba2a26d11

    • Size

      2.5MB

    • MD5

      d75197ad7e482d7d85eaa11480011beb

    • SHA1

      b7a115e34ca99ffb0ec7b9cc4011566ad918d403

    • SHA256

      c68178b1a835d9bbc40e25ae067a9fa248474f4dcf73168a859f3cdba2a26d11

    • SHA512

      0920d58c5e513eb65bed46d679e52b635d815ef9f4c4daf5271a12685433efced25bcccc04a03339f9f841174dee7efb0680bbbff837316b82e85a84df281a10

    • SSDEEP

      49152:h1OsaCpYO/dJJDHhs6oxRkNfehWfNs4VGufZ9JODSTz4bkw:h1Owly7kNfrNq4w

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Browser Extensions

1
T1176

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks