General

  • Target

    030bad2f855ca0f00316ddd0bd266bbb.exe

  • Size

    96KB

  • Sample

    240101-ytaxxshbcn

  • MD5

    030bad2f855ca0f00316ddd0bd266bbb

  • SHA1

    0576bf7d72f1e1e2e8e1ab60c3aa6e62d8b6f6e8

  • SHA256

    b804b753be765e9449600bb7dd46f36cbaa2bc92e29fe62f4e4bde26a1a87ae3

  • SHA512

    3343118d0daec3defcd823748fe3872666d3b14ddb99770f35bceaa6de18fdb94bcac267ad82beef7b9459181539390d4cdf1b97a8bb1601dc79eba09d2d1eba

  • SSDEEP

    1536:ezDBda3hhnnFhrXzRGxfaBv7kqxgEEVa0:G9da3hhnFhrDu8vZue0

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    darkwarrior

Targets

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks