General

  • Target

    99ec5388d313fa009657ce8b619b203f62053c5602d639364f05f978cb980dd1

  • Size

    6.6MB

  • Sample

    240407-3qvkdaaa9v

  • MD5

    d3acc3ecd7d0ebba98f5cb5d40eca69e

  • SHA1

    b47c16250eb0a92c3a2830b4fae6f2b31d22b44c

  • SHA256

    99ec5388d313fa009657ce8b619b203f62053c5602d639364f05f978cb980dd1

  • SHA512

    12714b3c5c9a572c7a713aa0271e79b7801764d0a96e96f22b489815b45318855671379dd4f202b115bf3c81f97358d067fd5e0a7b67cef4484eb6a7d56cf59a

  • SSDEEP

    196608:91O+PM1g/Yk3wokBf8uLAlC3qsW4Ul2VmHZ4Dc7t:3O+PCg/IokBUuk2UlW/Dc5

Malware Config

Targets

    • Target

      99ec5388d313fa009657ce8b619b203f62053c5602d639364f05f978cb980dd1

    • Size

      6.6MB

    • MD5

      d3acc3ecd7d0ebba98f5cb5d40eca69e

    • SHA1

      b47c16250eb0a92c3a2830b4fae6f2b31d22b44c

    • SHA256

      99ec5388d313fa009657ce8b619b203f62053c5602d639364f05f978cb980dd1

    • SHA512

      12714b3c5c9a572c7a713aa0271e79b7801764d0a96e96f22b489815b45318855671379dd4f202b115bf3c81f97358d067fd5e0a7b67cef4484eb6a7d56cf59a

    • SSDEEP

      196608:91O+PM1g/Yk3wokBf8uLAlC3qsW4Ul2VmHZ4Dc7t:3O+PCg/IokBUuk2UlW/Dc5

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks