General

  • Target

    f701a5eec52ead5b00a804f3c1184ae52d594c31373d81cbe703dc781c0bf01c

  • Size

    1.5MB

  • Sample

    221127-p2jqcshc44

  • MD5

    a4163fc4c04bf451136bd8249742e18e

  • SHA1

    af83708587f25ef7895f8b209d86b0a5d2ba0fda

  • SHA256

    f701a5eec52ead5b00a804f3c1184ae52d594c31373d81cbe703dc781c0bf01c

  • SHA512

    94aeaeed0c60dc22def41b2a2608abd51608c44c584ddda93712f9add96cfb6760dc9879a2dd7d09d029131448be88cb7a3fe312e12668ce377080244dfd1c17

  • SSDEEP

    24576:C7YshVGSTjsngyOiaYlukTfFb2ywfSRyZ+cE1d8hGpWTyc1qRWYa69MHFoy:C7Ys7NJd69TNblKKHadKW39x

Malware Config

Targets

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks