General

  • Target

    a2b36633f3273657a81cae71186267d99f7bdfa3f70b07c55c7517e87c54c614

  • Size

    6.5MB

  • Sample

    240408-acc4ysag23

  • MD5

    ac0e977eb246206bd38f7a2f04a89ff4

  • SHA1

    480237ec586906428876800884769a74c5b6983c

  • SHA256

    a2b36633f3273657a81cae71186267d99f7bdfa3f70b07c55c7517e87c54c614

  • SHA512

    249d91e9868bce1578b99454013dbfc5a62bc2e37cd36baabf70b755449585ab930fe5365e95d954243c530960030b8f75b28ba55ff508db744ae61899137e04

  • SSDEEP

    196608:91OPPM1g/Yk3wokBf8uLAlC3qsW4Ul2VmHZ4DMscCQl:3OPPCg/IokBUuk2UlW/Dk

Malware Config

Targets

    • Target

      a2b36633f3273657a81cae71186267d99f7bdfa3f70b07c55c7517e87c54c614

    • Size

      6.5MB

    • MD5

      ac0e977eb246206bd38f7a2f04a89ff4

    • SHA1

      480237ec586906428876800884769a74c5b6983c

    • SHA256

      a2b36633f3273657a81cae71186267d99f7bdfa3f70b07c55c7517e87c54c614

    • SHA512

      249d91e9868bce1578b99454013dbfc5a62bc2e37cd36baabf70b755449585ab930fe5365e95d954243c530960030b8f75b28ba55ff508db744ae61899137e04

    • SSDEEP

      196608:91OPPM1g/Yk3wokBf8uLAlC3qsW4Ul2VmHZ4DMscCQl:3OPPCg/IokBUuk2UlW/Dk

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks