General

  • Target

    7deecdc874af4709b50fc2f863d13eaf6c2b97cc556bf1e3adb7b08bac9eb68c

  • Size

    6.4MB

  • Sample

    240403-m1ad7acc9w

  • MD5

    f85345711a4bbb1638a9b0bbccf1cb4c

  • SHA1

    92b4e2f767713cccdffe5a7bfa12c0ba014c6d92

  • SHA256

    7deecdc874af4709b50fc2f863d13eaf6c2b97cc556bf1e3adb7b08bac9eb68c

  • SHA512

    8ba60d90271527c1ab2c607fc9285cde0ad87cca9f7b620d13d426bc5f4889b89cc27c1d8f76b88ad073bc579eceb97eac79022efeeec33bd9eae6d1d3b0cb65

  • SSDEEP

    98304:91O2pDcPHB7oWB0q32sghrEGog5UFI0eDyNGfJ9cnqzdmHQuuWy4rk0yaYWngUx4:91O2SKWBz3lgi+0fYLfsvry4A0y2gt

Malware Config

Targets

    • Target

      7deecdc874af4709b50fc2f863d13eaf6c2b97cc556bf1e3adb7b08bac9eb68c

    • Size

      6.4MB

    • MD5

      f85345711a4bbb1638a9b0bbccf1cb4c

    • SHA1

      92b4e2f767713cccdffe5a7bfa12c0ba014c6d92

    • SHA256

      7deecdc874af4709b50fc2f863d13eaf6c2b97cc556bf1e3adb7b08bac9eb68c

    • SHA512

      8ba60d90271527c1ab2c607fc9285cde0ad87cca9f7b620d13d426bc5f4889b89cc27c1d8f76b88ad073bc579eceb97eac79022efeeec33bd9eae6d1d3b0cb65

    • SSDEEP

      98304:91O2pDcPHB7oWB0q32sghrEGog5UFI0eDyNGfJ9cnqzdmHQuuWy4rk0yaYWngUx4:91O2SKWBz3lgi+0fYLfsvry4A0y2gt

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      Reads BIOS vendor and product values from the registry (for example SystemManufacturer and SystemProductName under HKLM\HARDWARE\DESCRIPTION\System\BIOS). On a virtual machine these values usually carry the hypervisor vendor's name (VMware, VirtualBox, QEMU), so they are often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry (the GEOID stored under HKCU\Control Panel\International\Geo\Nation), likely a geofence so that the payload only runs, or refuses to run, in selected regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to list the software installed on the system; this can reveal analysis tools or security products as well as targets of interest.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory
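The registry and file reads behind the signatures above are easy to recognise in a sandbox or Procmon event stream. The script below is an added example, not the sandbox's own signature engine: it replays a constructed set of events against rules for the BIOS check, the Geo\Nation lookup, the Uninstall-key enumeration and the browser-profile reads, and includes the two decisions a sample can make from what it read (does the BIOS string name a hypervisor, and is the configured country on a block list). The event format, the rule paths and the marker list are assumptions, and the sample events are constructed.

```python
"""Replay sandbox/Procmon-style events against the behavioural signatures
listed in this report. Example code added for this page (not the sandbox's
signature engine); event format, paths and marker lists are assumptions."""
import re
from collections import defaultdict

# Constructed events for this example: PID, image, operation, path (one per line).
SAMPLE_EVENTS = r"""
4120,dropper.exe,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
4120,dropper.exe,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
4120,dropper.exe,RegQueryValue,HKCU\Control Panel\International\Geo\Nation
4120,dropper.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120,dropper.exe,RegEnumKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
5208,stage2.exe,ReadFile,C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
5208,stage2.exe,ReadFile,C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json
5208,stage2.exe,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run
"""

# (signature name, operations that count, regex over the accessed path)
SIGNATURES = [
    ("Checks BIOS information in registry", {"RegQueryValue"},
     re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\"
                r"(SystemManufacturer|SystemProductName|BIOSVendor|BIOSVersion)$", re.I)),
    ("Checks computer location settings", {"RegQueryValue"},
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", {"RegEnumKey", "RegQueryValue"},
     re.compile(r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
                r"\\Uninstall(\\|$)", re.I)),
    ("Reads user/profile data of web browsers", {"ReadFile", "CreateFile"},
     re.compile(r"\\AppData\\(Local|Roaming)\\("
                r"Google\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data)"
                r"|Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite))$",
                re.I)),
]

# Substrings a sample typically looks for in the BIOS values (assumed list).
VM_MARKERS = ("vmware", "virtualbox", "vbox", "innotek", "qemu", "xen", "kvm",
              "bochs", "virtual machine", "hyper-v")

# GEOID values from the Windows location table: 203 = Russia, 244 = United States.
# Which regions a given family excludes is family-specific; these are illustrative.
GEOFENCED_NATIONS = {203}


def parse_events(text):
    """Turn the CSV-like event text into (pid, image, operation, path) tuples."""
    events = []
    for line in text.strip().splitlines():
        pid, image, op, path = line.split(",", 3)
        events.append((int(pid), image, op, path))
    return events


def match_signatures(events):
    """Map each triggered signature name to the events that triggered it."""
    hits = defaultdict(list)
    for pid, image, op, path in events:
        for name, ops, pattern in SIGNATURES:
            if op in ops and pattern.search(path):
                hits[name].append((pid, image, path))
    return dict(hits)


def looks_virtualized(manufacturer, product):
    """The decision a sample can make from the two BIOS values: return the
    hypervisor marker found, or None for hardware that looks physical."""
    blob = f"{manufacturer} {product}".lower()
    return next((m for m in VM_MARKERS if m in blob), None)


def is_geofenced(nation_geoid):
    """The decision a sample can make from Geo\\Nation: True if the
    configured country is on the (assumed) exclusion list."""
    return int(nation_geoid) in GEOFENCED_NATIONS


if __name__ == "__main__":
    for sig, evidence in match_signatures(parse_events(SAMPLE_EVENTS)).items():
        print(sig)
        for pid, image, path in evidence:
            print(f"  pid {pid} {image}: {path}")
    print("VM marker:", looks_virtualized("innotek GmbH", "VirtualBox"))
    print("geofenced (GEOID 244):", is_geofenced("244"))
```

When run against a real Procmon CSV export, only `parse_events` needs adapting to the column layout; the rules themselves are the same paths the signature descriptions above refer to. The benign `Run` key read in the sample events matches nothing, which is the point of anchoring rules on the exact key rather than on any registry access by the process.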

MITRE ATT&CK Enterprise v15

Tasks