General

  • Target

    5964087a3c51e3751e3e0b21337b7013691ee86e29b7af80e773d81aa1a620d8

  • Size

    6.4MB

  • Sample

    240407-xnyw5aca52

  • MD5

    14c633aef7b31781748bcd016ed9c53a

  • SHA1

    4d3cb4aab75acf7fdf73aece33257169ea51eeab

  • SHA256

    5964087a3c51e3751e3e0b21337b7013691ee86e29b7af80e773d81aa1a620d8

  • SHA512

    123b0633a0f585e4f8b52eee774001edff08ffd68c46ada348b0904f10611027437aee866a6a0cacec28f0bbbac582f07a3d10d30cd91254fda4feba074a1de1

  • SSDEEP

    196608:91OZ73gCvR7IDbay+twm5R45TN+Bg8OPcDAjVUw:3OZc4ly+tdUM+8FEjF

Malware Config

Targets

    • Target

      5964087a3c51e3751e3e0b21337b7013691ee86e29b7af80e773d81aa1a620d8

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read to detect sandbox and virtual-machine environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory
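One way to see how signatures like the ones above are derived, as an added example that is not part of this report or of the sandbox's own rule engine: the Python below replays a constructed event trace (registry reads, file writes, image loads, process creations and one network connection) through a small rule set and reports which of the listed signatures fire. The registry keys used for the BIOS, location (Geo\Nation) and Uninstall checks follow the descriptions in the report; the browser-profile paths, the System32 and desktop.ini patterns, the sample paths, and the reading of "blocklisted process" as "a process whose image was dropped during the run" are assumptions, as is every event record.

```python
"""Re-derive the report's behavioural signatures from sandbox events.

Added example, not part of the Triage report or of this sample. Every
event below is constructed; the registry and file paths are the ones such
signatures are usually keyed on (assumed, except the BIOS, Geo/Nation and
Uninstall keys the report itself names).
"""
import re
from collections import defaultdict

SAMPLE = r"C:\Users\u\Desktop\sample.exe"                # constructed
DROP_EXE = r"C:\Users\u\AppData\Local\Temp\svc.exe"      # constructed
DROP_DLL = r"C:\Users\u\AppData\Local\Temp\helper.dll"   # constructed

# Event record: (kind, pid, image of acting process, target). `target` is a
# registry value path, a file path, the image of a spawned process or
# loaded module, or host:port for a network connection.
EVENTS = [
    ("proc_create", 1000, r"C:\Windows\explorer.exe", SAMPLE),
    ("reg_read", 3192, SAMPLE,
     r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
    ("reg_read", 3192, SAMPLE, r"HKCU\Control Panel\International\Geo\Nation"),
    ("reg_read", 3192, SAMPLE,
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName"),
    ("file_read", 3192, SAMPLE,
     r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_write", 3192, SAMPLE, DROP_EXE),
    ("file_write", 3192, SAMPLE, DROP_DLL),
    ("file_write", 3192, SAMPLE, r"C:\Windows\System32\upd.dat"),
    ("file_write", 3192, SAMPLE, r"C:\Users\u\AppData\Roaming\Svc\desktop.ini"),
    ("image_load", 3192, SAMPLE, DROP_DLL),
    ("proc_create", 3192, SAMPLE, DROP_EXE),
    ("net_connect", 4120, DROP_EXE, "203.0.113.10:443"),
]

# Stateless rules: signature -> (event kind, regex over the target).
STATELESS_RULES = {
    "Checks BIOS information in registry":
        ("reg_read", r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS\\"),
    "Checks computer location settings":
        ("reg_read", r"\\Control Panel\\International\\Geo\\Nation$"),
    "Checks installed software on the system":
        ("reg_read", r"\\CurrentVersion\\Uninstall\\"),
    "Reads user/profile data of web browsers":   # assumed profile file names
        ("file_read", r"\\AppData\\(Local|Roaming)\\.*\\(Login Data|Web Data|Cookies)$"),
    "Drops file in System32 directory":
        ("file_write", r"^C:\\Windows\\System32\\"),
    "Drops desktop.ini file(s)":
        ("file_write", r"\\desktop\.ini$"),
}


def classify(events):
    """Return {signature: [evidence, ...]} for the signatures a trace triggers.

    The dropped-file rules are stateful: a spawned image or loaded DLL counts
    as "dropped" only if an earlier event in the same trace wrote that path.
    "Blocklisted process" is taken here to mean a process whose image was
    dropped during the run (an assumption; the report does not define it).
    """
    compiled = {name: (kind, re.compile(pat, re.IGNORECASE))
                for name, (kind, pat) in STATELESS_RULES.items()}
    hits = defaultdict(list)
    dropped = set()   # lower-cased paths written by a monitored process
    for kind, _pid, image, target in events:
        for name, (want_kind, rx) in compiled.items():
            if kind == want_kind and rx.search(target):
                hits[name].append(target)
        if kind == "file_write":
            dropped.add(target.lower())
        elif kind == "proc_create" and target.lower() in dropped:
            hits["Executes dropped EXE"].append(target)
        elif kind == "image_load" and target.lower() in dropped:
            hits["Loads dropped DLL"].append(target)
        elif kind == "net_connect" and image.lower() in dropped:
            hits["Blocklisted process makes network request"].append(
                f"{image} -> {target}")
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in classify(EVENTS).items():
        print(f"[+] {sig}")
        for item in evidence:
            print(f"      {item}")
```

Run it directly to print each firing signature with its evidence. The point of the stateful rules is ordering: the initial launch of sample.exe by explorer.exe does not count as "Executes dropped EXE" because nothing in the trace wrote that path first, while svc.exe does, and the same set of dropped paths drives the network-request rule.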

MITRE ATT&CK Enterprise v15

Tasks