Resubmissions

  • 20-03-2024 16:08   240320-tla6hadc8t   10

  • 27-11-2023 17:21   231127-vw5zasag8z   7

General

  • Target

    74c56662da67972bf4554ff9b23afc5bdab477ba8d4929e1d7dbc608bdc96994.exe

  • Size

    2.0MB

  • Sample

    231127-vw5zasag8z

  • MD5

    2f05a56a349dce85119e7fda9e8047ac

  • SHA1

    2f5afa9af299cba599c57fd99319268db803b31b

  • SHA256

    74c56662da67972bf4554ff9b23afc5bdab477ba8d4929e1d7dbc608bdc96994

  • SHA512

    fe85ed5b4702c60770dca17790e826a64cbb028fd0ee6d325cac90e3040efe9700eb7db0d11c71f7dfab20d283acb036e6c8cb3de61ca7e583c28026acf08d0b

  • SSDEEP

    49152:13NvRA0BjE8tCpIQontgzhDeGN8HHA7twVJ6M7Qzio1/Hzwo7L:13Q0BnkpiCzhjNaHA7M7Qz/bh7L
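
Before acting on the indicators above, confirm that the file you hold is the one the report describes. The following Python is an added example (not code from the sandbox vendor or from this report): it computes the four digests the report lists, compares them against the report's values, and checks the convention that the target file name is its SHA256. The `REPORT_IOCS` values are copied from this page; everything else is illustrative.

```python
import hashlib
from pathlib import Path

# Hash values as listed in the report above (the target file name is its SHA256).
REPORT_IOCS = {
    "md5": "2f05a56a349dce85119e7fda9e8047ac",
    "sha1": "2f5afa9af299cba599c57fd99319268db803b31b",
    "sha256": "74c56662da67972bf4554ff9b23afc5bdab477ba8d4929e1d7dbc608bdc96994",
    "sha512": "fe85ed5b4702c60770dca17790e826a64cbb028fd0ee6d325cac90e3040efe9700eb7db0d11c71f7dfab20d283acb036e6c8cb3de61ca7e583c28026acf08d0b",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file on disk in chunks so a large sample never has to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(observed: dict, expected: dict = REPORT_IOCS) -> dict:
    """Per-algorithm match flags (case-insensitive hex comparison)."""
    return {name: observed.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def matches_report(observed: dict, expected: dict = REPORT_IOCS) -> bool:
    """True only when every digest in the report matches the observed file."""
    return all(compare_to_report(observed, expected).values())


def filename_matches_sha256(path, observed: dict) -> bool:
    """Sandbox targets are usually named after their SHA256; check the stem against the digest."""
    return Path(path).stem.lower() == observed["sha256"].lower()


if __name__ == "__main__":
    import sys
    sample = sys.argv[1]  # path of the local file to compare against the report
    digests = digest_file(sample)
    for name, ok in compare_to_report(digests).items():
        print(f"{name:6s} {'match' if ok else 'MISMATCH'}  {digests[name]}")
    print("file name consistent with SHA256:", filename_matches_sha256(sample, digests))
```

Run it as `python verify.py <path-to-sample>`; a MISMATCH on any line means the file is not the one this report analysed (a different packer stub, a truncated download, or a resubmission with a different hash), and the behaviours listed below should not be assumed to apply to it.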

Malware Config

Targets

    • Target

      74c56662da67972bf4554ff9b23afc5bdab477ba8d4929e1d7dbc608bdc96994.exe

    • Checks computer location settings

      Reads the country/region code stored in the registry (the user's locale or GeoID setting). Stealers commonly do this to avoid running on machines in particular countries, so treat it as a likely geofence check.

    • Executes dropped EXE

      A file written to disk during the run was later executed as a new process.

    • Loads dropped DLL

      A DLL written to disk during the run was loaded into a process.

    • Reads user/profile data of web browsers

      The sample opens browser profile files. For an infostealer this typically means saved logins, cookies and autofill data, so assume credentials stored in browsers on the victim host are compromised.

    • Adds Run key to start application

      Writes a value under the CurrentVersion\Run registry key so the program is started again at logon (persistence).

    • Looks up external IP address via web service

      Queries a legitimate public IP lookup service to learn the infected system's external IP address. The service itself is benign, so the request will not look suspicious on its own; correlate it with the other behaviours here.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Outside a debugger it is most often seen when code is injected into another process (for example process hollowing), so the target thread and any process that is subsequently resumed deserve a closer look.
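
The behaviours listed above can be expressed as simple detection rules over sandbox or EDR events. The Python below is an added example, not code from the sandbox vendor or from this report: it parses a few constructed events, maps them to the signature names used on this page, and additionally flags the SetThreadContext-then-ResumeThread sequence typical of injection. The `kind|pid|detail` event format, the registry paths, browser file names, IP-lookup domains and API-call syntax are all assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample events (assumed "kind|pid|detail" format, not the sandbox's real log).
SAMPLE_EVENTS = r"""
regread|1234|HKEY_CURRENT_USER\Control Panel\International\Geo\Nation
fileread|1234|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
fileread|1234|C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json
regwrite|1234|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater=C:\Users\victim\AppData\Roaming\upd.exe
dns|1234|api.ipify.org
apicall|1234|SetThreadContext(hThread=0x1c8)
apicall|1234|ResumeThread(hThread=0x1c8)
fileread|5678|C:\Windows\System32\kernel32.dll
""".strip()


@dataclass
class Event:
    kind: str
    pid: int
    detail: str


def parse_events(text: str) -> list:
    """Split the constructed log into Event records; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue
        kind, pid, detail = parts
        events.append(Event(kind.strip(), int(pid), detail.strip()))
    return events


# (signature name from the report, event kind, regex on the detail field). Patterns are assumed.
RULES = [
    ("Checks computer location settings", "regread",
     r"\\Control Panel\\International\\(Geo\\Nation|Locale)"),
    ("Reads user/profile data of web browsers", "fileread",
     r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$"),
    ("Adds Run key to start application", "regwrite",
     r"\\CurrentVersion\\Run\\"),
    ("Looks up external IP address via web service", "dns",
     r"^(api\.ipify\.org|ipinfo\.io|icanhazip\.com|checkip\.amazonaws\.com)$"),
    ("Suspicious use of SetThreadContext", "apicall",
     r"^SetThreadContext\("),
]


def match_signatures(events: list) -> dict:
    """Map each triggered signature name to the events that triggered it."""
    hits = {}
    for name, kind, pattern in RULES:
        rx = re.compile(pattern, re.IGNORECASE)
        matched = [ev for ev in events if ev.kind == kind and rx.search(ev.detail)]
        if matched:
            hits[name] = matched
    return hits


def set_then_resume(events: list) -> list:
    """(pid, thread handle) pairs where a thread's context was rewritten and the same
    thread then resumed by the same process: the call order seen in process hollowing."""
    handle_rx = re.compile(r"hThread=(0x[0-9a-fA-F]+)")
    pending, flagged = set(), []
    for ev in events:
        if ev.kind != "apicall":
            continue
        m = handle_rx.search(ev.detail)
        if not m:
            continue
        key = (ev.pid, m.group(1).lower())
        if ev.detail.startswith("SetThreadContext("):
            pending.add(key)
        elif ev.detail.startswith("ResumeThread(") and key in pending:
            flagged.append(key)
            pending.discard(key)
    return flagged


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for name, matched in match_signatures(evs).items():
        print(f"[{name}]")
        for ev in matched:
            print(f"    pid {ev.pid}: {ev.detail}")
    for pid, handle in set_then_resume(evs):
        print(f"[injection pattern] pid {pid} set context then resumed thread {handle}")
```

The rules are deliberately narrow (exact lookup domains, specific browser store file names) so they stay quiet on ordinary activity such as the `kernel32.dll` read from the second process; widen them only after checking the false-positive rate on your own telemetry. "Executes dropped EXE" and "Loads dropped DLL" are not modelled because they need file-write history, not a single event.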

MITRE ATT&CK Enterprise v15

Tasks