General

  • Target

    MicrosoftEdgeSetup.exe

  • Size

    1.5MB

  • Sample

    240322-1zy8tahe74

  • MD5

    6f75e80c47c5f1f54063b26a08d1c1d4

  • SHA1

    05558c1122076096c1d648e5cb21a37e0d951467

  • SHA256

    f49d99ebc8a856bba424cfcf3086ee88f2e87d8e6aefd74e4f3995ec047f7ec5

  • SHA512

    463a0daab16924774915c02e8ea0a360f29c0e789368916e50ad0f20ed343fea492f5da171ac96b8a0b8cc54dc9bf2f436c557a3315b3a8e3a8e4722ab0c7ef2

  • SSDEEP

    49152:7y+3Q/13Fc2eu2RVHSXoHGAPl76ojGqCxp:7yN3FVeRVHooHVP+xp

Targets

    • Target

      MicrosoftEdgeSetup.exe

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile information.

    • Checks whether UAC is enabled

    • Downloads MZ/PE file

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops file in System32 directory
