General

  • Target

    source_prepared.exe

  • Size

    74.0MB

  • Sample

    231122-y3475aee27

  • MD5

    29f991e7f4496a3125e90e92c6bec577

  • SHA1

    53a3207c45d328b529142b6cf3993d8c2cc95d6a

  • SHA256

    34cfd7532b503d8b710bce75ba0e925223ff3ace89312f6311ed8953bc3726a5

  • SHA512

    b2e8e180605bc29e4b9998960825e80d5ac9c2a8c1ff4eac1a21cd994f7223964e379b6ca9c03a8b94f6bd2eac35dc86728a114c3897d12cf01ab7c094039e86

  • SSDEEP

    1572864:I2MueQpjWkSk8IpG7V+VPhqSSE7ARjRHlWWpyppiZzI+hR1XW6TnZvyh+kh:IZueqKkSkB05awS8Rd0eg2zd7XV8vh

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it from showing in Explorer etc.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks