General

  • Target

    0A1566AB1FBA4F2021680B2F7C2B16EA.exe

  • Size

    1.6MB

  • Sample

    231221-y1jteaecd8

  • MD5

    0a1566ab1fba4f2021680b2f7c2b16ea

  • SHA1

    de04cf07fa0e4d8c0e4bcd0d3293c7d26dbd5767

  • SHA256

    550e893759da573a62c1c16144f5e8fa65e6df3eabd53c60648b9ac6748c1b8c

  • SHA512

    0ee5f9d91c652804d551633dce06d2b0f1907ccd95fc76d4a04fb9b2806187069f9b27a172988df5d0ae9ce0191d91e58ca40df6ab0452d3d63172c170ae4e14

  • SSDEEP

    24576:pytg/aZ1fPmDXK+PqApNk5VV2OEgluKfDpfojwEDKxaAxmkZQ51A/y+9sXSTQH16:ctPfPsaGqA8xfEg9iGxnmdbAqNST+6I

Targets

    • Detected google phishing page

    • Modifies Windows Defender Real-time Protection settings

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
