General

  • Target

    c3a2a5a0ca8586f73b4867ed30c3201ad5d2f7dd4e1e69f4c9a12638f1b50fa2

  • Size

    931KB

  • Sample

    221124-ycl9maed67

  • MD5

    5c70052ed7afaedfd084a8d48a660ba2

  • SHA1

    3b784c38e3556d1c0f99d37bf4f2b93fc688638e

  • SHA256

    c3a2a5a0ca8586f73b4867ed30c3201ad5d2f7dd4e1e69f4c9a12638f1b50fa2

  • SHA512

    f2d3aabd4866ec09e9f2ea9589df48f50e7779cfdc271fbbee7e6032e57a104a89b22e8e8900f3f97b700ff00503864f3e1c244916c766a37ba9039e61c1bafd

  • SSDEEP

    24576:h1OYdaOfCZ/iWCvu/2sWsJA/jlt+DHhs8:h1OshCpYO/dJJDHhs8

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 1

Tasks