General

  • Target

    Doc-102PO-207841001jpg.exe

  • Size

    2MB

  • Sample

    230125-mqewxshd5w

  • MD5

    0596aefc251ba32dcb538593b0616568

  • SHA1

    9ceb68e35b93711e8247512c21ad2ccd6b8da938

  • SHA256

    f085f0ece42084f2ce26c28a27ebc9457ae32b2ecd632b3073500b7e17805659

  • SHA512

    da0d4d63ce9ecfc3d892b20f55be6769a5d28a77d9c3b7f4cb22abc51e3be604c102c1e6b7c4d7464dc8dc3f4730b204654c82292ad8899004e90cd7b4a66a5d

  • SSDEEP

    49152:gbB0FQB5MLPlG5/8uMLq0u5hRD5pbjX7i4l8B/oy6kRMF4mK/LPS/yYCxL:g90sW0dRfj7O/oyBqi/TS/yYCxL

Malware Config

Targets

    • Target

      Doc-102PO-207841001jpg.exe

    • Size

      2MB

    • MD5

      0596aefc251ba32dcb538593b0616568

    • SHA1

      9ceb68e35b93711e8247512c21ad2ccd6b8da938

    • SHA256

      f085f0ece42084f2ce26c28a27ebc9457ae32b2ecd632b3073500b7e17805659

    • SHA512

      da0d4d63ce9ecfc3d892b20f55be6769a5d28a77d9c3b7f4cb22abc51e3be604c102c1e6b7c4d7464dc8dc3f4730b204654c82292ad8899004e90cd7b4a66a5d

    • SSDEEP

      49152:gbB0FQB5MLPlG5/8uMLq0u5hRD5pbjX7i4l8B/oy6kRMF4mK/LPS/yYCxL:g90sW0dRfj7O/oyBqi/TS/yYCxL

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Exfiltration

      Impact

        Initial Access

          Lateral Movement

            Privilege Escalation

              Tasks