General

  • Target

    54b1da1c16d8dd8c121c95eaa705aa93

  • Size

    212KB

  • Sample

    240111-1xa37sabd5

  • MD5

    54b1da1c16d8dd8c121c95eaa705aa93

  • SHA1

    95ea8c091e1550778ced92f61e795e071e3f25fe

  • SHA256

    37a2d60c1263d20fcbe71038314073e0c9b40cbc0eef31fd05eca9e53be93c75

  • SHA512

    570f620a7dade80891189dfad95c514da5f93ca2e650ebba6f72a18201db52252fc03b9bc77370445f2f62b5e903d68f39ba655b2ad453f22cb8ef243b853a2b

  • SSDEEP

    6144:K8x1Nj/T9iK4Lpu6HPirxW+26NU7NBsp7:X1X4Lo6wxW+26NU7NBsp7

Malware Config

Targets

    • Target

      54b1da1c16d8dd8c121c95eaa705aa93

    • Size

      212KB

    • MD5

      54b1da1c16d8dd8c121c95eaa705aa93

    • SHA1

      95ea8c091e1550778ced92f61e795e071e3f25fe

    • SHA256

      37a2d60c1263d20fcbe71038314073e0c9b40cbc0eef31fd05eca9e53be93c75

    • SHA512

      570f620a7dade80891189dfad95c514da5f93ca2e650ebba6f72a18201db52252fc03b9bc77370445f2f62b5e903d68f39ba655b2ad453f22cb8ef243b853a2b

    • SSDEEP

      6144:K8x1Nj/T9iK4Lpu6HPirxW+26NU7NBsp7:X1X4Lo6wxW+26NU7NBsp7

    • 44Caliber

      An open source infostealer written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks