General

  • Target

    15940963f5cd71e4a9f686a383211663cc501ffe34ffd9582c1300af4d56b351

  • Size

    194KB

  • Sample

    221128-fdzx1afe24

  • MD5

    33149556181719096a9870e2897ad643

  • SHA1

    5595d547b618d4908504fc27acf13e8241f69965

  • SHA256

    15940963f5cd71e4a9f686a383211663cc501ffe34ffd9582c1300af4d56b351

  • SHA512

    0112397627dbd2065fbff3d2645129319aa146cc3d4d177ca42cf001afde9862e0952033997d95a278959fe8cc300ada9563ae6873c64dfa351fa369855919bf

  • SSDEEP

    3072:Uv5ChRQUknU7TfNMXgSrayXVE9y4qQDHg2EPkoTrEsjHZvQ3hl43vpMvxGWqB2cK:dh6zU7T1DylEtDAvPJTrF5vQ37IM

Malware Config

Targets

    • Target

      15940963f5cd71e4a9f686a383211663cc501ffe34ffd9582c1300af4d56b351

    • Size

      194KB

    • MD5

      33149556181719096a9870e2897ad643

    • SHA1

      5595d547b618d4908504fc27acf13e8241f69965

    • SHA256

      15940963f5cd71e4a9f686a383211663cc501ffe34ffd9582c1300af4d56b351

    • SHA512

      0112397627dbd2065fbff3d2645129319aa146cc3d4d177ca42cf001afde9862e0952033997d95a278959fe8cc300ada9563ae6873c64dfa351fa369855919bf

    • SSDEEP

      3072:Uv5ChRQUknU7TfNMXgSrayXVE9y4qQDHg2EPkoTrEsjHZvQ3hl43vpMvxGWqB2cK:dh6zU7T1DylEtDAvPJTrF5vQ37IM

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks