General

  • Target

    a6e1955ddc6a22cf9fe64148610b0cacacd49f94fc2ea0092e0f23059d27d4b3

  • Size

    6.7MB

  • Sample

    240403-m2kxbacg62

  • MD5

    3bcf3ad5da1c9f7f54b99404d5bb2a14

  • SHA1

    f36359ff1be260d6c59a194c3257a8a2816bc4b7

  • SHA256

    a6e1955ddc6a22cf9fe64148610b0cacacd49f94fc2ea0092e0f23059d27d4b3

  • SHA512

    062cd16c7bd808fb9029de8c7bc1188da62d3d47222256cf453f4539809d1de75ea175b3544957e0485e5765bcc8bd11da72ff7525cc746392f114a57500eca3

  • SSDEEP

    98304:91OmpDcPHB7oWB0q32sghrEGog5UFI0eDyNGfJ9cnqzdmHQuuWy4rk0yaYWngUxA:91OmSKWBz3lgi+0fYLfsvry4A0y2g4Po

Malware Config

Targets

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks