General

  • Target: 7995c5a0129f58f87826d40dce0e7bcf
  • Size: 200KB
  • Sample: 240127-hws9aahaem
  • MD5: 7995c5a0129f58f87826d40dce0e7bcf
  • SHA1: 669d2e136a23adf09d2d42904bda5dcee19af16e
  • SHA256: 44b958aa74e6cdd849438ff04956a94305dd611ef06353edc83f2b34f94a16e1
  • SHA512: 3975a8a9726388b02833855b2974f6c22b32213e4437f60122b3f89c364e9da37d6c3ec5c955d777f5d955df1749c061f1bd8cddef58285590dec280f0947d3a
  • SSDEEP: 6144:TlLq/I+mO31DBybYdTJgr9OuZjOVce3BHdmzG3W:xLqbN33RJgnRgVH4zGm

Targets

    • Disables taskbar notifications via registry modification

    • Modifies Installed Components in the registry

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15