General

  • Target

    sample

  • Size

    13KB

  • Sample

    230325-nq27wsef5w

  • MD5

    ca1f5082e55d8868c1eedebfc3f25afc

  • SHA1

    769dd024ff34604c9de4280e8d17432d57bb6e5b

  • SHA256

    2669dac649e31601e4d2410e4cbed5f8fb70ac6a9431856a79491ad865e86fad

  • SHA512

    44b72d79d57a4e98280a1d3db832aa160aa661241fc909048d5adc1c19d1fc3dc0dcbe080f86a6560dbc4d1590a1534a7009d93d5e01c73ee6e847d7bccaf86c

  • SSDEEP

    384:rbuu4oizeVoOsKsElKeGMdU8Hhhbqhf+U2mcb:rbviCVoOsKHI1MxBhbWf1o

Malware Config

Targets

    • Target

      sample

    • Size

      13KB

    • MD5

      ca1f5082e55d8868c1eedebfc3f25afc

    • SHA1

      769dd024ff34604c9de4280e8d17432d57bb6e5b

    • SHA256

      2669dac649e31601e4d2410e4cbed5f8fb70ac6a9431856a79491ad865e86fad

    • SHA512

      44b72d79d57a4e98280a1d3db832aa160aa661241fc909048d5adc1c19d1fc3dc0dcbe080f86a6560dbc4d1590a1534a7009d93d5e01c73ee6e847d7bccaf86c

    • SSDEEP

      384:rbuu4oizeVoOsKsElKeGMdU8Hhhbqhf+U2mcb:rbviCVoOsKHI1MxBhbWf1o

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

4
T1060

Browser Extensions

1
T1176

Defense Evasion

Modify Registry

6
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

5
T1012

System Information Discovery

6
T1082

Collection

Data from Local System

1
T1005

Tasks