General

  • Target

    fee9315fb1af4647e7a47424f257fc5906baa309d03f269fe6e6d51237a5099e

  • Size

    255KB

  • Sample

    221127-vxajsahg7z

  • MD5

    0cadf663b283d3e9bc221edfd019a34d

  • SHA1

    ed420474c281304b83447b73c16e59293adf2e0f

  • SHA256

    fee9315fb1af4647e7a47424f257fc5906baa309d03f269fe6e6d51237a5099e

  • SHA512

    37e208bef3554fc9ca132051d5803038db36b74a8907ea1ea7ee8e34e4ec647c82e77b48113edfa6d9c2bde3487e36462fd7a2ab860e78f228188fdd113d8d88

  • SSDEEP

    3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJN:1xlZam+akqx6YQJXcNlEHUIQeE3mmBI+

Malware Config

Targets

    • Target

      fee9315fb1af4647e7a47424f257fc5906baa309d03f269fe6e6d51237a5099e

    • Size

      255KB

    • MD5

      0cadf663b283d3e9bc221edfd019a34d

    • SHA1

      ed420474c281304b83447b73c16e59293adf2e0f

    • SHA256

      fee9315fb1af4647e7a47424f257fc5906baa309d03f269fe6e6d51237a5099e

    • SHA512

      37e208bef3554fc9ca132051d5803038db36b74a8907ea1ea7ee8e34e4ec647c82e77b48113edfa6d9c2bde3487e36462fd7a2ab860e78f228188fdd113d8d88

    • SSDEEP

      3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJN:1xlZam+akqx6YQJXcNlEHUIQeE3mmBI+

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks