General
-
Target
MDE_File_Sample_5637533f19d87a433a7fe12ce78ad7e5518c40b5.zip
-
Size
12.1MB
-
Sample
231212-mfjr5acgg8
-
MD5
c74fe750d04acb65ba9d9a4b154bb77e
-
SHA1
398569b2e75e186490add91c63dacccbe1194d2b
-
SHA256
8c3f4d34c8bf9b558cb9c01ff68a1e37966aac0064c3c6c3df46abc42eba6918
-
SHA512
d27d0b2c6d5f32bc00b3609d39d3a3353407876cb561c322281a5c2325638f2133f1e2c9dc6ac5d6887b73969311a8433e037010901c8bf4509186f4c7b79262
-
SSDEEP
196608:QnWMzSWQxQ7HWdXbVgECQFqrKKsNegqxM3c7p3prutFbyCjUMrn3GtI8HPYbbufS:Qn6jwHYVgEbCyvc7pE2CjUcfqAHufxU
Malware Config
Targets
-
-
Target
FileZilla_3.66.0_win64_sponsored2-setup.exe
-
Size
12.1MB
-
MD5
6dd9e17c098a5c9d9da2146fadf9d071
-
SHA1
5637533f19d87a433a7fe12ce78ad7e5518c40b5
-
SHA256
edca5598fc8715a5ca8bd77e7b8fb8bf1ccebdec3f5543f67058ebd572b3aba9
-
SHA512
1cb10a00f208a54f6d3a7f4e1939d6d5f7124525bd95f18c3ff45570fa240d8e73c002295a39dafcc560785fef85f61a8450728f3d42e23dfc3addd6af2287f6
-
SSDEEP
393216:DAScWJzs+eBLT0PO+x7fNDNhGVWHD7ga1PkLQ9:DAxWpsFKvFFjGVOD7ga1Pt9
Score8/10-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks for any installed AV software in registry
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1