General
Target: Doc-102PO-207841001jpg.exe
Size: 2MB
Sample: 230125-mqewxshd5w
MD5: 0596aefc251ba32dcb538593b0616568
SHA1: 9ceb68e35b93711e8247512c21ad2ccd6b8da938
SHA256: f085f0ece42084f2ce26c28a27ebc9457ae32b2ecd632b3073500b7e17805659
SHA512: da0d4d63ce9ecfc3d892b20f55be6769a5d28a77d9c3b7f4cb22abc51e3be604c102c1e6b7c4d7464dc8dc3f4730b204654c82292ad8899004e90cd7b4a66a5d
SSDEEP: 49152:gbB0FQB5MLPlG5/8uMLq0u5hRD5pbjX7i4l8B/oy6kRMF4mK/LPS/yYCxL:g90sW0dRfj7O/oyBqi/TS/yYCxL
Static task: static1
Behavioral task: behavioral1 (Sample: Doc-102PO-207841001jpg.exe; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: Doc-102PO-207841001jpg.exe; Resource: win10v2004-20220812-en)
Malware Config
Targets
Target: Doc-102PO-207841001jpg.exe
Score: 7/10
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
Command and Control
Credential Access: Credentials in Files (1)
Defense Evasion: Modify Registry (1)
Execution: Command-Line Interface (1)
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence: Registry Run Keys / Startup Folder (1)
Privilege Escalation