General

  • Target

    80624742f9b3f991d82be8b0969aeef528c647cb85206d1a7acbd50480c99d2d

  • Size

    647KB

  • Sample

    221129-ntb5wahf5x

  • MD5

    adc5d49c45ccba4862a51761729006da

  • SHA1

    e60ec310b32ea913ad69b60c2d100d3d6a873055

  • SHA256

    80624742f9b3f991d82be8b0969aeef528c647cb85206d1a7acbd50480c99d2d

  • SHA512

    ca326567bbea519b836b9888dc5c04b292877075e6ba64e0be5d9b2513a745fbd6527a358394d187c8976e602f706d90a646bcda5becf8f155a1092985305c7f

  • SSDEEP

    12288:6SIm9OrcSIm9OrTS+Fz4atfYSPeAwLFcqTFV+f6l0MlfvOtQ3i+8In+G6bVmS/X5:x6Hls0i+8q+G6bVmSvYP7Sw81tDFyjgz

Malware Config

Targets

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook accounts

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks