General

  • Target

    1b836263d64882a129a147433aa948040c1009440b01fa8a34f94911c74411f8

  • Size

    888KB

  • Sample

    240407-xryqjabg5t

  • MD5

    6230d5d68095e452b2467523f15a0070

  • SHA1

    da5b478c46d716d5c1991f748086a3411654fd3e

  • SHA256

    1b836263d64882a129a147433aa948040c1009440b01fa8a34f94911c74411f8

  • SHA512

    4aa6235146617ba26069298ecefe9c3b3b74ebe17db3bc916a998a2ac278f328d7bc89cc88769f4763b7aed7a6f26d6436bb65fb87763c863296191505d55a10

  • SSDEEP

    24576:sW9bDsrA1xXwbKD8aTUM3qW706dCDdyn95TdZO/6tLBV/xyiO7:BJDsM1VwbKoW6WYynPTdZOiJBTyP7

Malware Config

Targets

    • Target

      1b836263d64882a129a147433aa948040c1009440b01fa8a34f94911c74411f8

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
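
A worked example added to this page (not part of the sandbox report or its tooling): Python that maps a constructed API trace onto the behaviours listed above and shows the kind of string scan behind the sandbox-username signature. The trace, the username list and the registry/file paths the rules look for are assumptions about where these behaviours usually surface, not values taken from this run.

```python
"""Map a simplified sandbox API trace onto the behaviour signatures in the report.

Added example; the trace and the matching rules are constructed for illustration.
Each rule is (APIs that count, path pattern, whether write access is required).
"""
import re

# Assumed locations; well-known persistence, locale and browser paths, not report data.
SIGNATURES = {
    "Checks computer location settings": (
        {"RegQueryValueExW", "RegQueryValueExA", "RegOpenKeyExW"},
        re.compile(r"\\Control Panel\\International\\Geo\\", re.I),
        False,
    ),
    "Reads user/profile data of web browsers": (
        {"CreateFileW", "CreateFileA"},
        re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\", re.I),
        False,
    ),
    "Adds Run key to start application": (
        {"RegSetValueExW", "RegSetValueExA"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
        False,
    ),
    "Enumerates connected drives": (
        {"FindFirstFileW", "FindFirstFileExW", "GetDriveTypeW"},
        re.compile(r"^[A-BD-Z]:\\(\*|\*\.\*)?$", re.I),  # any drive root except C:\
        False,
    ),
    "Drops file in System32 directory": (
        {"CreateFileW", "CreateFileA", "CopyFileW", "MoveFileExW"},
        re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I),
        True,  # only count it as a drop when the handle is opened for writing
    ),
}

# Constructed trace in (api, path, access/data) form; not output from this sample.
TRACE = [
    ("RegQueryValueExW", r"HKCU\Control Panel\International\Geo\Nation", ""),
    ("CreateFileW", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data", "GENERIC_READ"),
    ("RegSetValueExW", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     r"C:\Users\user\AppData\Roaming\updater.exe"),
    ("FindFirstFileW", r"C:\*", ""),          # default drive: not counted
    ("FindFirstFileW", r"D:\*", ""),
    ("FindFirstFileW", r"E:\*", ""),
    ("CreateFileW", r"C:\Windows\System32\kernel32.dll", "GENERIC_READ"),   # read only: not a drop
    ("CreateFileW", r"C:\Windows\System32\drivers\etc\hosts.tmp", "GENERIC_WRITE"),
    ("CreateFileW", r"C:\Users\user\Desktop\notes.txt", "GENERIC_READ"),
]


def match_trace(trace):
    """Return {signature name: [matching paths]} for every rule that fires."""
    hits = {}
    for api, path, data in trace:
        for name, (apis, pattern, needs_write) in SIGNATURES.items():
            if api not in apis or not pattern.search(path):
                continue
            if needs_write and "WRITE" not in data.upper():
                continue
            hits.setdefault(name, []).append(path)
    return hits


# Assumed list of usernames commonly baked into analysis VMs; illustrative, not from the report.
SANDBOX_USERNAMES = ("sandbox", "malware", "virus", "john doe", "currentuser")


def sandbox_usernames_in(blob: bytes):
    """Static check: which suspect usernames appear in the binary, as ASCII or UTF-16LE."""
    lowered = blob.lower()  # bytes.lower() folds ASCII only, which also covers UTF-16LE letters
    found = set()
    for name in SANDBOX_USERNAMES:
        if name.encode("ascii") in lowered or name.encode("utf-16-le") in lowered:
            found.add(name)
    return sorted(found)


# Constructed stand-in for an executable's string table; not bytes from this sample.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"C:\\Users\\Sandbox\\Desktop\\"     # ASCII path containing a suspect username
    + "John Doe".encode("utf-16-le")       # wide string, as Win32/.NET binaries store them
    + b"\x00" * 8
)

if __name__ == "__main__":
    for name, paths in match_trace(TRACE).items():
        print(f"{name}: {paths}")
    print("sandbox usernames:", sandbox_usernames_in(SAMPLE_BLOB))
```

The rules are deliberately narrow: a read of a System32 file is normal and is only counted as a drop when the handle is opened for writing, and enumeration of `C:\` is excluded so that the drive rule reflects the report's wording about drives other than the default one.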

MITRE ATT&CK Enterprise v15

Tasks