General

  • Target

    4ba96ecdcdfa746de28a0ee3ef474842e829917c9486ace35ec4cc2fa1ad956f

  • Size

    5.6MB

  • Sample

    230102-jhsw2agg8y

  • MD5

    7f10125be56d12f583d799ab88e39bf9

  • SHA1

    9c4b2170f21b1752729b260a59f730ab97aa27ca

  • SHA256

    4ba96ecdcdfa746de28a0ee3ef474842e829917c9486ace35ec4cc2fa1ad956f

  • SHA512

    56a4fff01280f79171f3bd28e4fb40c5d09614ee67679b396bbfdec5efbb63f5e0b96105c687eb2beaa44eab0851da386ad0f7a7ab533483a2745641e15a3b4d

  • SSDEEP

    98304:9YFkXiz3FcBnd1X0HHdWHp9TRRhTcRQVhLhLkSr8DKOrbkC8+1tSj0yu:uFm8GJd1X0HHdULmy9SqsBl8+1tSjt

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6