General

  • Target

    uninstalltool_setup.exe

  • Size

    5.7MB

  • Sample

    240322-x8fw2sfg98

  • MD5

    ff8691ec698ec599d5ffc38f27fbb002

  • SHA1

    3c8823e5f172c8de504a38c7f83c22e3743eb378

  • SHA256

    2904050a27b48fe508e9f1ee04c55a4142689712a954f4c2005d2dc4fe3f1530

  • SHA512

    791734077e5d0662f1f1550dd623e92507fb9cb009735a709302e2297484371745889e8ef3754a1c434f71f9dabe52387c0c8c5a6474147d8af2b82b6902c3a7

  • SSDEEP

    98304:ykL6/nCk95kN+8eZCRLkH6ibhqRqWAdzdlYsmjzU3Rfs2ekt9UnuakN6l9:dq95BE5kBVqKRn3R0HyNNa9
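
Before reasoning about any of the behaviour below, confirm that the file you hold is the one the report describes. The script that follows is an added example, not part of the sandbox report; it embeds the four hashes listed above as the expected values and assumes the sample sits at a local path (`uninstalltool_setup.exe` by default). SSDEEP is deliberately left out: it needs the third-party `ssdeep` package and yields a similarity score, not an equality check.

```python
"""Verify a local sample against the hashes published in a sandbox report.
Added example (not the report's own tooling). REPORTED holds the values from
the page; the file path passed on the command line is an assumption."""
import hashlib
import io
import sys

REPORTED = {
    "md5": "ff8691ec698ec599d5ffc38f27fbb002",
    "sha1": "3c8823e5f172c8de504a38c7f83c22e3743eb378",
    "sha256": "2904050a27b48fe508e9f1ee04c55a4142689712a954f4c2005d2dc4fe3f1530",
    "sha512": "791734077e5d0662f1f1550dd623e92507fb9cb009735a709302e2297484371745889e8ef3754a1c434f71f9dabe52387c0c8c5a6474147d8af2b82b6902c3a7",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def well_formed(expected):
    """True when every reported hash is hex of the right length for its algorithm.
    Catches the usual copy/paste damage (truncation, stray characters)."""
    for name, value in expected.items():
        v = value.strip()
        if len(v) != HEX_LENGTHS.get(name) or any(c not in "0123456789abcdefABCDEF" for c in v):
            return False
    return True


def digest_stream(fileobj, algorithms=ALGORITHMS, chunk=1 << 20):
    """Read the stream once and feed every requested algorithm from the same chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        block = fileobj.read(chunk)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=ALGORITHMS):
    return digest_stream(io.BytesIO(data), algorithms)


def compare(actual, expected):
    """Per-algorithm match flags; case-insensitive and whitespace-tolerant because
    hashes copied out of reports often pick up both."""
    return {name: name in actual and actual[name].lower() == want.strip().lower()
            for name, want in expected.items()}


def verify_file(path, expected=REPORTED):
    if not well_formed(expected):
        raise ValueError("reported hashes are malformed; check for copy errors")
    with open(path, "rb") as f:
        actual = digest_stream(f, tuple(expected))
    return compare(actual, expected)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "uninstalltool_setup.exe"  # assumed local path
    results = verify_file(target)
    for algo, ok in results.items():
        print(f"{algo:6} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(results.values()) else 1)
```

MD5 and SHA1 are kept only because other reports and feeds still index on them; treat SHA256 (or SHA512) as the value that decides identity.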

Targets

    • Target

      uninstalltool_setup.exe

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root directory of drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLLs that Internet Explorer loads in-process as plugins, registered by CLSID under the Browser Helper Objects key; they have long been used for browser hijacking and persistence.

    • Modifies Installed Components in the registry

      Refers to the Active Setup Installed Components key, whose StubPath entries run once per user at logon: a legitimate installer mechanism that also serves as a persistence location.

    • Sets file execution options in registry

      Writes under Image File Execution Options; a Debugger value there redirects every launch of the named executable, so the image name and value written should be inspected.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Drops file in System32 directory
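
Four of the signatures above point at specific registry locations. The following is an added example, not part of the sandbox report, that reads those locations and lists what is registered there so the entries can be judged against what the installer was expected to do: dropping into System32 or Drivers, registering an Active Setup component and installing a BHO are routine for legitimate installers as well, so these are places to inspect rather than a verdict. Which keys the sandbox heuristics actually monitor is not stated on the page; the paths used here are the well-known ones and are the author's assumption. On Windows it reads the live registry; elsewhere it runs over a constructed snapshot.

```python
"""Inspect the registry locations behind four report signatures: Active Setup
Installed Components, Image File Execution Options, Browser Helper Objects and
the Geo/Nation country code. Added example, not part of the report. Key paths
are an assumption (the well-known locations); SAMPLE_SNAPSHOT is constructed."""
from dataclasses import dataclass

try:
    import winreg  # Windows only; DictReader below runs anywhere
except ImportError:
    winreg = None

ACTIVE_SETUP = r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
BHO_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
)
GEO = r"HKCU\Control Panel\International\Geo"


@dataclass(frozen=True)
class Finding:
    signature: str  # report signature this location corresponds to
    key: str        # full registry path inspected
    detail: str     # what was found there


class DictReader:
    """Reader over a constructed snapshot {key_path: {value_name: data}}."""
    def __init__(self, snapshot):
        self.snapshot = snapshot

    def subkeys(self, path):
        prefix = path + "\\"
        return sorted({k[len(prefix):].split("\\")[0] for k in self.snapshot if k.startswith(prefix)})

    def values(self, path):
        return dict(self.snapshot.get(path, {}))


class WinRegReader:
    """Same interface over the live registry (64-bit view); missing keys read as empty."""
    def _open(self, path):
        hive, _, sub = path.partition("\\")
        root = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}[hive]
        return winreg.OpenKey(root, sub, 0, winreg.KEY_READ | winreg.KEY_WOW64_64KEY)

    def subkeys(self, path):
        try:
            with self._open(path) as k:
                return [winreg.EnumKey(k, i) for i in range(winreg.QueryInfoKey(k)[0])]
        except OSError:
            return []

    def values(self, path):
        out = {}
        try:
            with self._open(path) as k:
                for i in range(winreg.QueryInfoKey(k)[1]):
                    name, data, _ = winreg.EnumValue(k, i)
                    out[name] = data
        except OSError:
            pass
        return out


def audit(reader):
    findings = []
    # Active Setup: each component's StubPath runs once per user at logon.
    for guid in reader.subkeys(ACTIVE_SETUP):
        key = f"{ACTIVE_SETUP}\\{guid}"
        stub = reader.values(key).get("StubPath")
        if stub:
            findings.append(Finding("Modifies Installed Components in the registry", key, f"StubPath={stub}"))
    # IFEO: a Debugger value replaces the named image with the "debugger" on every launch.
    for image in reader.subkeys(IFEO):
        key = f"{IFEO}\\{image}"
        dbg = reader.values(key).get("Debugger")
        if dbg:
            findings.append(Finding("Sets file execution options in registry", key, f"Debugger={dbg}"))
    # BHOs: every subkey is a CLSID that Internet Explorer will load in-process.
    for base in BHO_KEYS:
        for clsid in reader.subkeys(base):
            findings.append(Finding("Installs/modifies Browser Helper Object", f"{base}\\{clsid}", "registered CLSID"))
    # Geo: the Nation GEOID is the value a geofence check reads.
    nation = reader.values(GEO).get("Nation")
    if nation is not None:
        findings.append(Finding("Checks computer location settings", GEO, f"Nation={nation}"))
    return findings


# Constructed snapshot for offline use; not data observed in the sandbox run.
SAMPLE_SNAPSHOT = {
    f"{ACTIVE_SETUP}\\{{00000000-1111-2222-3333-444444444444}}": {"StubPath": r"C:\Users\Public\stub.exe /run"},
    f"{IFEO}\\notepad.exe": {"Debugger": r"C:\Users\Public\hook.exe"},
    f"{IFEO}\\iexplore.exe": {"DisableExceptionChainValidation": 0},  # no Debugger: not reported
    f"{BHO_KEYS[0]}\\{{55555555-6666-7777-8888-999999999999}}": {},
    GEO: {"Nation": "244", "Name": "US"},
}

if __name__ == "__main__":
    reader = WinRegReader() if winreg else DictReader(SAMPLE_SNAPSHOT)
    for f in audit(reader):
        print(f"[{f.signature}] {f.key}: {f.detail}")
```

Run it on the analysis VM after the installer completes and diff the output against a snapshot taken before installation; Active Setup and BHO entries whose binaries live outside Program Files or the Windows directory, and any IFEO Debugger value at all, are the ones to chase.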
