Resubmissions

  • 04-12-2022 16:24   221204-twvb5aeh53   8
  • 04-12-2022 16:21   221204-ttpc4aac7w   8
  • 04-12-2022 16:16   221204-traf6aed86   8

General

  • Target: Setup.exe
  • Size: 7.1MB
  • Sample: 221204-ttpc4aac7w
  • MD5: 58f8600ee94571beff3224f75601f0fa
  • SHA1: 31822c3d5cb3131e3b5cfad581a86ac5b305aa67
  • SHA256: 77e45cc490be8582b1fb5dc19f652666a66817daf683ed1f0f1d0003cfae62ec
  • SHA512: 6cb8b32ab2b7d09bfa12d03bb36a76395b142dd9a299108a3e16bc9b822a02a8f185028db02289137abc6e477c8e2a6b122963a57aa76319238daeb619af0ada
  • SSDEEP: 98304:AST/lfZzFcaeYZ0kc2Jo2Tb45Tb7Nkf/OCDm9sv+xUrA6Mv3WFKKTj2un60T28TW:A6Zh1I2JFTb45TPaf/vmOvo5KVBTZsb

Targets

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Sets service image path in registry

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

    • Registry Run Keys / Startup Folder: T1060 (1)
    • Bootkit: T1067 (1)

Defense Evasion

    • Modify Registry: T1112 (3)

Credential Access

    • Credentials in Files: T1081 (1)

Discovery

    • Query Registry: T1012 (1)
    • System Information Discovery: T1082 (1)

Collection

    • Data from Local System: T1005 (1)