General

  • Target

    c37a469dbfac8b9f55fc183ab433664fc76ee1f6d2db39b267152baaf6086e59

  • Size

    920KB

  • Sample

    221124-ycxqcshe6x

  • MD5

    dc1a73fd9cb11527f17dfaf19664198b

  • SHA1

    4e3b17374c16730a51fe82199681630e5929d112

  • SHA256

    c37a469dbfac8b9f55fc183ab433664fc76ee1f6d2db39b267152baaf6086e59

  • SHA512

    d0a2e4607d20fd98fd293495711beba3d48a111f6d8fd608c0b19e78ee7ca5ec4e56bffd755b9fa3984b115ddef81fc51f579d3b9a935bcd181d5a7da0b4be94

Malware Config

Targets

    • Target

      c37a469dbfac8b9f55fc183ab433664fc76ee1f6d2db39b267152baaf6086e59

    • Size

      920KB

    • MD5

      dc1a73fd9cb11527f17dfaf19664198b

    • SHA1

      4e3b17374c16730a51fe82199681630e5929d112

    • SHA256

      c37a469dbfac8b9f55fc183ab433664fc76ee1f6d2db39b267152baaf6086e59

    • SHA512

      d0a2e4607d20fd98fd293495711beba3d48a111f6d8fd608c0b19e78ee7ca5ec4e56bffd755b9fa3984b115ddef81fc51f579d3b9a935bcd181d5a7da0b4be94

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops file in System32 directory

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

      Discovery

      Execution

        Exfiltration

          Impact

            Initial Access

              Lateral Movement

                Persistence

                  Privilege Escalation