General

  • Target

    c0817f3dc80d3f693f5d7280d30ed7f7fcf8087aee715982a1f9fc259b681896

  • Size

    2.5MB

  • Sample

    221124-yjd7laeg76

  • MD5

    1400928994f84ba4ba3a5b2b2c212b2c

  • SHA1

    10325cf989b6142dd1eb6653793e2b3ced2bd665

  • SHA256

    c0817f3dc80d3f693f5d7280d30ed7f7fcf8087aee715982a1f9fc259b681896

  • SHA512

    24b5aa7a38268465a7b6071904790e40c5bb8407f3eca467eeed0be545bc574962f1d1df7cfef032b308325e099ff23a1ebe21fe8f6311a40b13d7189f451cac

  • SSDEEP

    49152:h1OsoyDFXmj+BHBALGk7GNIgSDjjQkzYznJKOZaB/IsxY:h1Od0JSqALGkqaDj7Y

Malware Config

Targets

    • Target

      c0817f3dc80d3f693f5d7280d30ed7f7fcf8087aee715982a1f9fc259b681896

    • Size

      2.5MB

    • MD5

      1400928994f84ba4ba3a5b2b2c212b2c

    • SHA1

      10325cf989b6142dd1eb6653793e2b3ced2bd665

    • SHA256

      c0817f3dc80d3f693f5d7280d30ed7f7fcf8087aee715982a1f9fc259b681896

    • SHA512

      24b5aa7a38268465a7b6071904790e40c5bb8407f3eca467eeed0be545bc574962f1d1df7cfef032b308325e099ff23a1ebe21fe8f6311a40b13d7189f451cac

    • SSDEEP

      49152:h1OsoyDFXmj+BHBALGk7GNIgSDjjQkzYznJKOZaB/IsxY:h1Od0JSqALGkqaDj7Y

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Browser Extensions

1
T1176

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks