General

  • Target

    c88e8795ae22ecc447314b6c28261f7cf30664d789e23ce0a6a2a0481fcb6e23

  • Size

    6.7MB

  • Sample

    240403-p818zsdd9x

  • MD5

    100814f212d22a69e40dd518c18c5bff

  • SHA1

    242f770a80b666499cd3c1841dcb36afce1841ec

  • SHA256

    c88e8795ae22ecc447314b6c28261f7cf30664d789e23ce0a6a2a0481fcb6e23

  • SHA512

    28b63da7fffde77fe6c67c32c12a92047668d586693448e32c2baec4efb5f162956fbc79f06408d06f52f6bf9b1a254e599e54b8a10d3c3b4f0552e45fb4caa7

  • SSDEEP

    98304:91O5pDcPHB7oWB0q32sghrEGog5UFI0eDyNGfJ9cnqzdmHQuuWy4rk0yaYWngUxS:91O5SKWBz3lgi+0fYLfsvry4A0y2g0A

Malware Config

Targets

    • Target

      c88e8795ae22ecc447314b6c28261f7cf30664d789e23ce0a6a2a0481fcb6e23

    • Size

      6.7MB

    • MD5

      100814f212d22a69e40dd518c18c5bff

    • SHA1

      242f770a80b666499cd3c1841dcb36afce1841ec

    • SHA256

      c88e8795ae22ecc447314b6c28261f7cf30664d789e23ce0a6a2a0481fcb6e23

    • SHA512

      28b63da7fffde77fe6c67c32c12a92047668d586693448e32c2baec4efb5f162956fbc79f06408d06f52f6bf9b1a254e599e54b8a10d3c3b4f0552e45fb4caa7

    • SSDEEP

      98304:91O5pDcPHB7oWB0q32sghrEGog5UFI0eDyNGfJ9cnqzdmHQuuWy4rk0yaYWngUxS:91O5SKWBz3lgi+0fYLfsvry4A0y2g0A

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks