General

  • Target

    cf11ff7569e7c5fa508c6cae0de1b8a57b9a761d089a101d7c4a6ef490cf756e

  • Size

    931KB

  • Sample

    221124-xnp9zsga9x

  • MD5

    3f8cbbde855059186217088d37879749

  • SHA1

    ecf6a88f1cdb82b909204d2c4870f0129d59d8e2

  • SHA256

    cf11ff7569e7c5fa508c6cae0de1b8a57b9a761d089a101d7c4a6ef490cf756e

  • SHA512

    414cbe8949f5cbc79a47c2260e4b4e1036aa86f073d4dd9c9bf05a732fd7d4d51564fecf771bff307032fee0526e7368311115863b206a4a028bcaf839c1d012

  • SSDEEP

    24576:h1OYdaOTCZ/iWCvu/2sWsJA/jlt+DHhsr:h1OspCpYO/dJJDHhsr

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which includes saved credentials, cookies and autofill entries.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops file in System32 directory
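The signatures listed above are derived from the file, process and registry events observed in the sandbox run. As an added example, not part of the report or of the sandbox's own signature engine, the following Python classifier reproduces that derivation over a constructed event list: it tracks which files the sample writes ("dropped"), then raises the same signature names when a dropped file is executed or loaded, when browser profile databases are read, when Uninstall registry keys are queried, and when files land in System32 or in a Chrome extension directory. The event format, paths and thresholds are assumptions for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One sandbox event. Assumed shape: process id, operation, touched path or key."""
    pid: int
    op: str      # CreateProcess | LoadImage | ReadFile | WriteFile | RegQueryValue | RegEnumKey
    target: str  # file path or registry key


# Constructed events for illustration only; not taken from the sandbox run above.
SAMPLE_EVENTS = [
    Event(4120, "WriteFile", r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"),
    Event(4120, "WriteFile", r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    Event(4120, "CreateProcess", r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"),
    Event(4132, "LoadImage", r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    Event(4132, "ReadFile", r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(4132, "RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event(4132, "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1A2}\DisplayName"),
    Event(4132, "WriteFile", r"C:\Windows\System32\drivers\etc\hosts"),
    Event(4132, "WriteFile", r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaa\1.0_0\manifest.json"),
    Event(4132, "ReadFile", r"C:\Windows\System32\kernel32.dll"),  # benign: normal DLL read
]

# Browser profile locations and the databases infostealers read from them.
BROWSER_DIR = re.compile(
    r"\\AppData\\(Local|Roaming)\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox|BraveSoftware)\\", re.I)
BROWSER_FILES = {"login data", "cookies", "web data", "history", "logins.json", "key4.db", "cookies.sqlite"}
CHROME_EXT_DIR = re.compile(r"\\Chrome\\User Data\\[^\\]+\\Extensions\\", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)

# ATT&CK v6 IDs as used in the report's matrix; other signatures carry none there.
ATTACK_V6 = {
    "Reads user/profile data of web browsers": "T1081",
    "Checks installed software on the system": "T1012",
}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def classify(events) -> list[str]:
    """Return the sorted set of behaviour signatures raised by an event sequence."""
    sigs = set()
    dropped = set()  # files written during the run, compared case-insensitively
    for ev in events:
        t = ev.target
        if ev.op == "WriteFile":
            dropped.add(t.lower())
            if SYSTEM32.search(t):
                sigs.add("Drops file in System32 directory")
            if CHROME_EXT_DIR.search(t):
                sigs.add("Drops Chrome extension")
        elif ev.op == "CreateProcess" and t.lower() in dropped:
            sigs.add("Executes dropped EXE")
        elif ev.op == "LoadImage" and t.lower() in dropped:
            sigs.add("Loads dropped DLL")
        elif ev.op == "ReadFile" and BROWSER_DIR.search(t) and basename(t).lower() in BROWSER_FILES:
            sigs.add("Reads user/profile data of web browsers")
        elif ev.op.startswith("Reg") and UNINSTALL_KEY.search(t):
            sigs.add("Checks installed software on the system")
    return sorted(sigs)


def attack_ids(sigs) -> list[str]:
    """Map raised signatures to the ATT&CK v6 technique IDs the report uses."""
    return sorted({ATTACK_V6[s] for s in sigs if s in ATTACK_V6})


if __name__ == "__main__":
    for s in classify(SAMPLE_EVENTS):
        print(s)
    print(attack_ids(classify(SAMPLE_EVENTS)))
```

Ordering matters for the two "dropped" signatures: a CreateProcess or LoadImage only counts when the path was written earlier in the same run, so a process spawned from a pre-existing binary does not trigger them. The benign kernel32.dll read shows why the System32 check is limited to writes.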

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081), 1 signature

  • Discovery

    Query Registry (T1012), 1 signature

  • Collection

    Data from Local System (T1005), 1 signature

  The IDs above follow ATT&CK v6, as the matrix heading states. In current ATT&CK, T1081 has been deprecated and its content sits under T1552.001 (Unsecured Credentials: Credentials in Files); T1012 and T1005 are unchanged.
