Resubmissions

09-05-2023 18:41

230509-xbr8tadd33 1

09-05-2023 18:40

230509-xbcs5add29 1

09-05-2023 18:22

230509-wzwepsfc4v 8

09-05-2023 18:18

230509-wxq27sdc58 1

09-05-2023 18:14

230509-wvfhpadc47 6

General

  • Target

    pete.svg

  • Size

    13KB

  • Sample

    230509-wzwepsfc4v

  • MD5

    41e8b14ea397af921e8c0c7856324f7b

  • SHA1

    af831d8dab0472e5b9275b19b464002f879a9399

  • SHA256

    a2cb0e7359dfc56f8b8e043d20383c60867f0dcfb808cca56318a1a36d3f8d66

  • SHA512

    1536da8cb02c917065cc538318a36bed80b782fc51ffa2ed1e3a563b4fda5ed0c31290c6b92efd30ad275aa14e3666ec208288eadbae770d0a61aa9aa5d18854

  • SSDEEP

    384:LKuyWu/uK2BlW5P2Zu0zyignTeNS1YlPPC3BTpDH:LKubu/uK2BlWjoSSlnCRTpz

Malware Config

Targets

    • Target

      pete.svg

    • Size

      13KB

    • MD5

      41e8b14ea397af921e8c0c7856324f7b

    • SHA1

      af831d8dab0472e5b9275b19b464002f879a9399

    • SHA256

      a2cb0e7359dfc56f8b8e043d20383c60867f0dcfb808cca56318a1a36d3f8d66

    • SHA512

      1536da8cb02c917065cc538318a36bed80b782fc51ffa2ed1e3a563b4fda5ed0c31290c6b92efd30ad275aa14e3666ec208288eadbae770d0a61aa9aa5d18854

    • SSDEEP

      384:LKuyWu/uK2BlW5P2Zu0zyignTeNS1YlPPC3BTpDH:LKubu/uK2BlWjoSSlnCRTpz

    • Downloads MZ/PE file

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks