General

  • Target

    VirusShare_0a0256318080884872e88011fc0a38ad.exe

  • Size

    680KB

  • Sample

    240302-rnc2rsee33

  • MD5

    0a0256318080884872e88011fc0a38ad

  • SHA1

    a7674099cbb50a985881dc8125d78896f9fac4ad

  • SHA256

    e78066704583fc4bb3be25a0ddf1c9d3c04582d79768b9f14f93066348cefc7c

  • SHA512

    0f0de8543afad2eccf89118117c0f3fda1f78eecbe40f31697e7f02a2d04454cb824ae42ddd804f07c0da5d7df80e7eebcde087f761a21679752c64c54f3498a

  • SSDEEP

    12288:m6/v6441NUFV1QZoxsCKfLBV8hfsvBcLV1snBpBrSRaG6k/ZBA30DfqRHfoXfl0G:FLlqh2GV4RF

Targets

    • Target

      VirusShare_0a0256318080884872e88011fc0a38ad.exe

    • Modifies visibility of file extensions in Explorer

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application
