General

  • Target

    a71a8e88ff396e069603c47c20f0d605.exe

  • Size

    460KB

  • Sample

    240107-yac8yacfdq

  • MD5

    a71a8e88ff396e069603c47c20f0d605

  • SHA1

    276e922218fe338523b12842f62b98128cef3155

  • SHA256

    c9e67c13ad6c274dea95c1e27b72424ea3285958255e9e204100bca8f1f4839b

  • SHA512

    bfc9b7037ab4bf004b261853cb4fae5b649eb0980fe62de246044c62dc77720d9e2e57ef335893a271a675abef10d910fba008b1f350a198263543ea62cad40b

  • SSDEEP

    12288:IYIaFfOOYXrkA+H6UZtT7SdYGDihVCXcFJD:X4Xrv6RTW9WDCXID

Targets

    • Modifies visibility of file extensions in Explorer

      Changes the Explorer setting that hides known file extensions (the HideFileExt value under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced), so a double extension such as invoice.pdf.exe is shown to the user as invoice.pdf.

    • UAC bypass

      The sample evades or disables the User Account Control elevation prompt; a common route is tampering with the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin) under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. Check the report's registry writes to confirm which method this sample used.

    • Checks computer location settings

      Looks up the country code configured in the registry (the Nation value under HKCU\Control Panel\International\Geo), likely for geofencing, i.e. refusing to run in certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

      Both indicate a multi-stage payload: the files written to disk and then executed or loaded are the next artefacts to hash and pivot on.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, autofill entries and browsing history.

    • Adds Run key to start application

      Persistence via the Run key under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run, so the payload is launched again at every logon.

    • Drops file in System32 directory

      Writing to C:\Windows\System32 requires administrative rights, which is consistent with the UAC bypass above, and places the payload among legitimate system binaries.
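When triaging reports like this one in bulk, it helps to turn the plain-text layout above into a record and to sanity-check the hash block before acting on it. The following is an added example, not part of the sandbox's output or tooling: the report text embedded in `REPORT` is copied from this page (blank lines dropped, which the parser ignores anyway), while `parse_report` and `check_hashes` are this example's own code. The checks are the ones a practitioner would want before importing the indicators: each digest has the right length and is lowercase hex, the ssdeep value has the `blocksize:sig1:sig2` shape with a block size of 3 * 2^n, and the sample's filename stem matches its MD5 field, as sandboxes usually name submissions after their hash.

```python
"""Parse a plain-text sandbox report into a record and sanity-check its hashes.

Added example: the report text is copied from this page (blank lines dropped;
the parser ignores them anyway), but parse_report/check_hashes are this
example's own code, not the sandbox's.
"""
import re

# Bullets that carry a value on the following line; every other bullet is a
# behavioural signature, optionally followed by a one-line description.
METADATA_KEYS = {"Target", "Size", "Sample", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}  # hex digits

REPORT = """\
General
  • Target
    a71a8e88ff396e069603c47c20f0d605.exe
  • Size
    460KB
  • Sample
    240107-yac8yacfdq
  • MD5
    a71a8e88ff396e069603c47c20f0d605
  • SHA1
    276e922218fe338523b12842f62b98128cef3155
  • SHA256
    c9e67c13ad6c274dea95c1e27b72424ea3285958255e9e204100bca8f1f4839b
  • SHA512
    bfc9b7037ab4bf004b261853cb4fae5b649eb0980fe62de246044c62dc77720d9e2e57ef335893a271a675abef10d910fba008b1f350a198263543ea62cad40b
  • SSDEEP
    12288:IYIaFfOOYXrkA+H6UZtT7SdYGDihVCXcFJD:X4Xrv6RTW9WDCXID
Targets
    • Modifies visibility of file extensions in Explorer
    • UAC bypass
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Adds Run key to start application
    • Drops file in System32 directory
"""


def parse_report(text):
    """Return {'meta': {key: value}, 'signatures': [(name, description), ...]}."""
    meta, signatures, current = {}, [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" "):          # column-0 line: a section heading
            current = None
            continue
        line = raw.strip()
        if line.startswith("•"):
            current = line.lstrip("•").strip()
            if current not in METADATA_KEYS:
                signatures.append((current, ""))
        elif current in METADATA_KEYS:
            meta[current] = line               # value line of a metadata bullet
        elif current is not None:
            signatures[-1] = (current, line)   # description line of a signature
    return {"meta": meta, "signatures": signatures}


def check_hashes(meta):
    """Return a list of inconsistencies; an empty list means the record checks out."""
    problems = []
    for key, digits in HASH_LENGTHS.items():
        value = meta.get(key, "")
        if not re.fullmatch(rf"[0-9a-f]{{{digits}}}", value):
            problems.append(f"{key}: expected {digits} lowercase hex digits, got {value!r}")
    # ssdeep output is blocksize:sig1:sig2 with blocksize = 3 * 2**n.
    m = re.fullmatch(r"(\d+):([A-Za-z0-9+/]+):([A-Za-z0-9+/]*)", meta.get("SSDEEP", ""))
    if m is None:
        problems.append("SSDEEP: malformed")
    else:
        block = int(m.group(1))
        if block == 0 or block % 3 or (block // 3) & (block // 3 - 1):
            problems.append(f"SSDEEP: block size {block} is not 3 * 2**n")
    # Sandboxes commonly name the sample after its MD5; a mismatch means the
    # file and the hash block belong to different submissions.
    stem = meta.get("Target", "").rsplit(".", 1)[0]
    if stem != meta.get("MD5"):
        problems.append("Target: filename stem does not match the MD5 field")
    return problems


if __name__ == "__main__":
    record = parse_report(REPORT)
    for key, value in record["meta"].items():
        print(f"{key:8} {value}")
    print("signatures:", [name for name, _ in record["signatures"]])
    print("problems:", check_hashes(record["meta"]) or "none")
```

The parser keys on the page's own layout: headings sit in column 0, bullets and their values are indented, and a metadata bullet is followed by exactly one value line. Feeding it the full page text, including the repeated hash block under Targets, simply overwrites each field with the same value.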
