General
-
Target
wx0840558555a454ed_10000_installer.exe
-
Size
6MB
-
Sample
230325-lnmcjsec4x
-
MD5
cedfe1378cd3fc5e72487c661ce221c8
-
SHA1
4725d89dab84467edbfb03c70b0283845207e00f
-
SHA256
bdadd25670c7e3c6937ab6ef55846dd5e57e2c8fcf3490817cc6b73535a9a521
-
SHA512
e308cc8ae03dd435f7d0284a1f1fc8be8e3290232771ace74d2690995b3db1e5d38c92006c5125412b702f354496928be3d00069c01040eb5e58f3e5fe8ea46f
-
SSDEEP
98304:WM5Zv1JVRnd083Wx3QCUkb3+3r40rl/t7FclWSV7SxyqxrCC:TLv3e83Y3me3+rl1Feav
Static task
static1
Behavioral task
behavioral1
Sample
wx0840558555a454ed_10000_installer.exe
Resource
win10-20230220-en
Malware Config
Targets
-
-
Target
wx0840558555a454ed_10000_installer.exe
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix
Collection
Data from Local System
1
Command and Control
Credential Access
Credentials in Files
1
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Bootkit
1
Privilege Escalation