General

  • Target

    a193e4b273ce369338408e550ecd76d5.exe

  • Size

    512KB

  • Sample

    240107-x93gfadee8

  • MD5

    a193e4b273ce369338408e550ecd76d5

  • SHA1

    87441d6e9bbc39d72223e46f0a8391ecf21f5692

  • SHA256

    729fc5a004f4f978a1bb2ea3e7ee8ea12e1896be1cab5ea5afc21f6cee495c43

  • SHA512

    fe01e7cf10467f8093fcb72abe72e5b4da2361b9af9d556be7977a8e58c3dc27d9d1e39b6facd0b127433af9d7b46b4cc28cf348fe1cb641cd4dd63d0f4f30ce

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj67:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5C

Malware Config

Targets

    • Target

      a193e4b273ce369338408e550ecd76d5.exe

    • Size

      512KB

    • MD5

      a193e4b273ce369338408e550ecd76d5

    • SHA1

      87441d6e9bbc39d72223e46f0a8391ecf21f5692

    • SHA256

      729fc5a004f4f978a1bb2ea3e7ee8ea12e1896be1cab5ea5afc21f6cee495c43

    • SHA512

      fe01e7cf10467f8093fcb72abe72e5b4da2361b9af9d556be7977a8e58c3dc27d9d1e39b6facd0b127433af9d7b46b4cc28cf348fe1cb641cd4dd63d0f4f30ce

    • SSDEEP

      6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj67:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5C

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Windows security bypass

    • Disables RegEdit via registry modification

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks