General

  • Target

    Windows10Upgrade9252.exe

  • Size

    3.2MB

  • Sample

    240212-wcetfaaf9v

  • MD5

    c0b25def4312fbddbcc4f01c6c0f5ba6

  • SHA1

    8d16a183d61233e7d6b6af7b3cafc6645ac2acb1

  • SHA256

    c0424d0ae06ca1e6e0249b40d33ac40d74075856d543ec0924884664fba52b79

  • SHA512

    8c67619747bb108dae5661688ec8fa4c62bc6ac38ee6ff14a4691aab04d7ddd870fee4262cb30624a6bd85ac1f7595af05311496b0336f979e7e5f797791bc0e

  • SSDEEP

    98304:GgjXlctych4cCzJ8k2omX8sUf0ht5f/LyXtcH/:JjKtych9CzJqXM32jyX

Malware Config

Targets

    • Target

      Windows10Upgrade9252.exe

    • Size

      3.2MB

    • MD5

      c0b25def4312fbddbcc4f01c6c0f5ba6

    • SHA1

      8d16a183d61233e7d6b6af7b3cafc6645ac2acb1

    • SHA256

      c0424d0ae06ca1e6e0249b40d33ac40d74075856d543ec0924884664fba52b79

    • SHA512

      8c67619747bb108dae5661688ec8fa4c62bc6ac38ee6ff14a4691aab04d7ddd870fee4262cb30624a6bd85ac1f7595af05311496b0336f979e7e5f797791bc0e

    • SSDEEP

      98304:GgjXlctych4cCzJ8k2omX8sUf0ht5f/LyXtcH/:JjKtych9CzJqXM32jyX

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks