General

  • Target

    c37ef81df47227fd262d8247fc5607f6e42890f64669c889902105b2e0766dc6

  • Size

    2MB

  • Sample

    221124-ycwhased79

  • MD5

    5a0e9c31a6a64b678faa865c857b606e

  • SHA1

    8fc86ba5af74a2631b1eef49d964020e5c360762

  • SHA256

    c37ef81df47227fd262d8247fc5607f6e42890f64669c889902105b2e0766dc6

  • SHA512

    83442a673b13beba03cbb5d6811edb739060e54dec5434cc39be968bb4345396b32bc6ab3cee45cd97190164ca1bbc74daef53b7348ff82116a68f1f8c88bf8a

Malware Config

Targets

    • Target

      c37ef81df47227fd262d8247fc5607f6e42890f64669c889902105b2e0766dc6

    • Size

      2MB

    • MD5

      5a0e9c31a6a64b678faa865c857b606e

    • SHA1

      8fc86ba5af74a2631b1eef49d964020e5c360762

    • SHA256

      c37ef81df47227fd262d8247fc5607f6e42890f64669c889902105b2e0766dc6

    • SHA512

      83442a673b13beba03cbb5d6811edb739060e54dec5434cc39be968bb4345396b32bc6ab3cee45cd97190164ca1bbc74daef53b7348ff82116a68f1f8c88bf8a

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Discovery

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Persistence

              Privilege Escalation