General

  • Target

    MainFile-Setup1-_2022_A_PasWrd.rar

  • Size

    14.0MB

  • Sample

    230302-ttz5ladf82

  • MD5

    4f9e1d3674f7040904c3c39cdcfc50e7

  • SHA1

    0549bdc4f055bc94250ad792883f41bf31069902

  • SHA256

    0856726b29bb312422c3f0962ee081160dea8a3edd870a6050d480324b3b63f8

  • SHA512

    facd559202a83ac4975e62be5097c5e5f4f219e42c156caac1c60bf25703ee056df040c598805ff753f1bc98852638115eb0d49fe734932fd1419f8271f5be75

  • SSDEEP

    393216:OhPAI1wPgO4DKob4Qbzwn0D/Ak1lMWwBBtJTHybGolQdmOQmYb:Oh4cwoDDKobXOG/ARWsH9SaFQZmYb

Malware Config

Targets

    • Target

      MainFile-Setup1-_2022_A_PasWrd.rar

    • Size

      14.0MB

    • MD5

      4f9e1d3674f7040904c3c39cdcfc50e7

    • SHA1

      0549bdc4f055bc94250ad792883f41bf31069902

    • SHA256

      0856726b29bb312422c3f0962ee081160dea8a3edd870a6050d480324b3b63f8

    • SHA512

      facd559202a83ac4975e62be5097c5e5f4f219e42c156caac1c60bf25703ee056df040c598805ff753f1bc98852638115eb0d49fe734932fd1419f8271f5be75

    • SSDEEP

      393216:OhPAI1wPgO4DKob4Qbzwn0D/Ak1lMWwBBtJTHybGolQdmOQmYb:Oh4cwoDDKobXOG/ARWsH9SaFQZmYb

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks