General

  • Target

    21f055fae8ca7df29375d05c1400c166aed1ca1473770e7b22d242cf2609d25d

  • Size

    473KB

  • Sample

    240403-x3z3qsac5v

  • MD5

    0b04a67e885c68278f26424d0fe3826e

  • SHA1

    b4a521b8b9b6d44fdec744cf57bc23514e3d3351

  • SHA256

    21f055fae8ca7df29375d05c1400c166aed1ca1473770e7b22d242cf2609d25d

  • SHA512

    05c41bcb01bcf59754f7f7a190a6539f6cfb1add4b6a0c1e1423ea013b8cacdfcc132b36232792916bfaa3b67146b90ae2c1797b0cc15ad6c4f8eb5ffa104fa2

  • SSDEEP

    6144:ipuN8bKQsIQnrR5L3dnQCarDr0d4Qz+i5GhxkbV9hdlG/8G2ZzIdA4JdfxEu79Li:1Q5QnrrLGnisIS/HaeAEdmSL6nJ

Malware Config

Targets

    • Detects executables containing SQL queries to confidential data stores. Observed in infostealers

    • Detects executables containing base64 encoded User Agent

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks