General

  • Target

    checking_v15.exe

  • Size

    9.7MB

  • Sample

    240323-tk2l3ahd76

  • MD5

    9f219eb0d3e15f7c34b3c8c712e57299

  • SHA1

    e821fb4c40e9f5dc0f535da97e1a4ed2842b14b8

  • SHA256

    7fbacb03769bbe4bd800c97f330682ef7cb43d63a31a370da2a93f579d0831cf

  • SHA512

    6fc56f4cae5cedfcafed2e6b26edc8325e5b29b7eeff4f72843a3be494906246eade8339d0bfad1f4d045e27e6b420ccaeb363470f3de0d727e4cf5cd19dbe75

  • SSDEEP

    196608:wwoMmD0FCbiy6moAOshoKMuIkhVJstRL5Di6nVJSGM1PJkVXyRVl:Lo9D5biy3/OshouIkPqtRL5xVJ03eyRz

Targets

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile directories, which hold saved logins, cookies, session tokens and autofill data.

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) in the registry to list installed software, a common check for security products and analysis tools.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that Internet Explorer loads as plugins, so a registered BHO runs inside every IE process.

    • Drops file in System32 directory
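The hash entries and the "UPX packed file" signature above, as an added example that is not part of the sandbox report: a standard-library Python script that checks whether a file on disk matches the report's digests, reads the PE section table for the UPX0/UPX1/UPX2 section names that UPX leaves behind, and computes byte entropy as a fallback because a modified UPX build may rename its sections. The `build_fake_pe` helper and its section names are constructed test input, not the real sample; ssdeep is not recomputed because it needs a third-party library.

```python
"""Verify a candidate file against the report hashes and look for UPX traces.

Added example, not the sandbox's own code. Uses only the standard library.
"""
import hashlib
import math
import struct
from collections import Counter

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "9f219eb0d3e15f7c34b3c8c712e57299",
    "sha1": "e821fb4c40e9f5dc0f535da97e1a4ed2842b14b8",
    "sha256": "7fbacb03769bbe4bd800c97f330682ef7cb43d63a31a370da2a93f579d0831cf",
    "sha512": "6fc56f4cae5cedfcafed2e6b26edc8325e5b29b7eeff4f72843a3be494906246"
              "eade8339d0bfad1f4d045e27e6b420ccaeb363470f3de0d727e4cf5cd19dbe75",
}

# Section names the stock UPX packer writes into the section table.
UPX_SECTIONS = {"UPX0", "UPX1", "UPX2"}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest listed in REPORT_HASHES for the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: bool} so a single mismatching digest stays visible."""
    got = hash_bytes(data)
    return {name: got[name] == expected[name].lower() for name in expected}


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table and return the section names in order.

    Raises ValueError if the buffer is not a PE image or is truncated.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # IMAGE_FILE_HEADER follows the signature
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size  # section headers follow the optional header
    names = []
    for i in range(nsections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when any stock UPX section name is present in the section table."""
    return bool(UPX_SECTIONS & set(pe_section_names(data)))


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; packed or encrypted payloads sit near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE (not loadable): DOS header, PE signature,
    COFF header with no optional header, then one 40-byte header per section.
    Test input only; the real sample is not reproduced here."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(
        name.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for name in section_names
    )
    return dos + b"PE\0\0" + coff + sections


def triage_file(path: str) -> dict:
    """Run every check against a file on disk and return a summary."""
    with open(path, "rb") as fh:
        data = fh.read()
    try:
        upx = looks_upx_packed(data)
    except ValueError:
        upx = None  # not a PE image
    return {
        "hash_match": matches_report(data),
        "upx_sections": upx,
        "entropy": round(shannon_entropy(data), 3),
    }


if __name__ == "__main__":
    import sys
    print(triage_file(sys.argv[1]))
```

Run it as `python triage.py checking_v15.exe`; a file that reproduces every digest in `hash_match` is the sample the report describes, while a mismatch on any digest means a different build or a corrupted copy. Absent UPX section names do not prove the file is unpacked (the signature explicitly covers modified UPX), so entropy close to 8.0 over a large file is still worth a second look.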
