General
Target: 18d1a10285383dbf8a2343e4b9c1fc3c.exe
Size: 2.0MB
Sample: 231226-vp9nxaffbq
MD5: 18d1a10285383dbf8a2343e4b9c1fc3c
SHA1: e0a53fa4e9f303e87dfe612a9495290ea27e21d3
SHA256: 952317229d1e77340b65639145073369a7e1a0a38718e05819c9c4791ecd5534
SHA512: d3000f6115555a836661617e36c5af4bc61acfdff5b51b94136b8497de3a2b8d4b449dc1307726f434774500e960ae6f0f0c5bda94a041ca384f17cfbd32da46
SSDEEP: 49152:MvVl3ySej9XajZGssKdpH/AoBbuejcxh7ZOGx74fp:a3CSekIT+AUNjMFZOGx70
Static task: static1
Behavioral task: behavioral1
  Sample: 18d1a10285383dbf8a2343e4b9c1fc3c.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 18d1a10285383dbf8a2343e4b9c1fc3c.exe
  Resource: win10v2004-20231215-en
Malware Config
Targets
Target: 18d1a10285383dbf8a2343e4b9c1fc3c.exe
Size: 2.0MB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above; the analyzed target is the submitted file itself.
Score: 7/10
Signatures
- Drops startup file (writes a file into a Startup folder so it is launched at logon)
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles (reads the registry keys holding Outlook profile data; typically a credential-harvesting step)
- Adds Run key to start application (writes a CurrentVersion\Run value so the application starts at logon)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calls NtSetInformationThread with the ThreadHideFromDebugger (0x11) information class, which stops the thread from reporting debug events to an attached debugger; a common anti-analysis measure.
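The behaviours above can be reproduced as detection rules. The following is an added example, not code from this report or from Triage: it runs rule logic for each listed signature over a constructed, sandbox-style API trace. The trace format (one dict per intercepted API call), the events in SAMPLE_TRACE, the list of IP-echo hosts and the file and registry paths used in the sample events are assumptions made for illustration; the ATT&CK mapping is limited to what the report's own MITRE section states.

```python
"""Rule-based triage for the behaviours this report flags, run over a constructed API trace.

Added example: the trace format (one dict per intercepted API call) and the events in
SAMPLE_TRACE are invented for illustration; they are not Triage's export format and not
data recorded from this sample.
"""
import re

# Registry locations behind the report's signatures (hive-agnostic, case-insensitive).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
OUTLOOK_PROFILES_RE = re.compile(
    r"\\Microsoft\\(Office\\\d+\.\d+\\Outlook\\Profiles"
    r"|Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)(\\|$)", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)
# Legitimate IP-echo services routinely used for external-IP discovery (illustrative, not exhaustive).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
                   "checkip.amazonaws.com", "ip-api.com"}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value passed to NtSetInformationThread

REG_READ_APIS = ("RegOpenKeyEx", "RegEnumKeyEx", "RegEnumValue", "RegQueryValueEx")
FILE_WRITE_APIS = ("NtCreateFile", "CreateFile")

# Single-event rules, keyed by the signature name used in the report.
SIGNATURES = {
    "Adds Run key to start application":
        lambda e: e["api"].startswith("RegSetValueEx") and bool(RUN_KEY_RE.search(e.get("key", ""))),
    "Drops startup file":
        lambda e: e["api"].startswith(FILE_WRITE_APIS) and bool(STARTUP_DIR_RE.search(e.get("path", ""))),
    "Checks installed software on the system":
        lambda e: e["api"].startswith(REG_READ_APIS) and bool(UNINSTALL_KEY_RE.search(e.get("key", ""))),
    "Accesses Microsoft Outlook profiles":
        lambda e: e["api"].startswith(REG_READ_APIS) and bool(OUTLOOK_PROFILES_RE.search(e.get("key", ""))),
    "Looks up external IP address via web service":
        lambda e: e["api"].startswith("DnsQuery") and e.get("name", "").lower() in IP_LOOKUP_HOSTS,
    "Suspicious use of NtSetInformationThreadHideFromDebugger":
        lambda e: e["api"] == "NtSetInformationThread"
        and e.get("thread_information_class") == THREAD_HIDE_FROM_DEBUGGER,
}

# ATT&CK mapping exactly as this report's MITRE section gives it; the other signatures stay unmapped.
ATTACK_TECHNIQUES = {
    "Adds Run key to start application": "T1547.001",
    "Drops startup file": "T1547.001",
}


def triage(trace):
    """Return {signature: [event indices]} for every rule that fired at least once.

    "Executes dropped EXE" and "Loads dropped DLL" are stateful: a path counts as dropped
    once the sample has created it (a production rule would also check the access mask for
    write intent), and a later CreateProcess/LoadLibrary on that path fires the signature.
    """
    hits, dropped = {}, set()
    for i, ev in enumerate(trace):
        for name, rule in SIGNATURES.items():
            if rule(ev):
                hits.setdefault(name, []).append(i)
        api = ev["api"]
        if api.startswith(FILE_WRITE_APIS) and ev.get("path"):
            dropped.add(ev["path"].lower())
        elif api.startswith("CreateProcess") and ev.get("image", "").lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(i)
        elif api.startswith(("LoadLibrary", "LdrLoadDll")) and ev.get("path", "").lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(i)
    return hits


def techniques(hits):
    """Sorted ATT&CK technique IDs implied by the signatures that fired."""
    return sorted({ATTACK_TECHNIQUES[s] for s in hits if s in ATTACK_TECHNIQUES})


# Constructed trace: a stealer-like sequence matching the report's signatures, plus benign noise.
APP = r"C:\Users\user\AppData\Roaming\svc"  # assumed drop directory
SAMPLE_TRACE = [
    {"api": "NtCreateFile", "path": APP + r"\updater.exe"},                        # 0  dropped
    {"api": "NtCreateFile", "path": APP + r"\helper.dll"},                         # 1  dropped
    {"api": "LoadLibraryW", "path": APP + r"\helper.dll"},                         # 2  loads dropped DLL
    {"api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": APP + r"\updater.exe"},                           # 3  Run key
    {"api": "NtCreateFile", "path": r"C:\Users\user\AppData\Roaming\Microsoft\Windows"
                                    r"\Start Menu\Programs\Startup\updater.lnk"},  # 4  startup file
    {"api": "RegEnumKeyExW", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall", "index": 0},  # 5
    {"api": "RegEnumKeyExW", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall", "index": 1},  # 6
    {"api": "RegOpenKeyExW", "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},       # 7
    {"api": "DnsQuery_W", "name": "api.ipify.org"},                                # 8  external IP lookup
    {"api": "DnsQuery_W", "name": "www.microsoft.com"},                            # 9  benign
    {"api": "NtSetInformationThread", "thread_information_class": 0x11},           # 10 anti-debug
    {"api": "CreateProcessW", "image": APP + r"\updater.exe"},                     # 11 executes dropped EXE
    {"api": "NtCreateFile", "path": r"C:\Windows\Temp\readme.txt"},                # 12 benign
]

if __name__ == "__main__":
    found = triage(SAMPLE_TRACE)
    for name, idx in found.items():
        print(f"{name}: events {idx}")
    print("ATT&CK:", ", ".join(techniques(found)))
```

Running the script prints one line per signature with the trace indices that triggered it, followed by the ATT&CK IDs. The two stateful rules are the ones worth attention when porting this to real telemetry: without tracking which paths the sample wrote, "Executes dropped EXE" degrades into "executes any EXE" and floods with false positives.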
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Scheduled Task/Job (T1053): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Scheduled Task/Job (T1053): 1