General

  • Target

    c6c47d3d7e56213f0d0ced379c64e166ed5a86308ea96856163a4e0155b1fc6e

  • Size

    1.1MB

  • Sample

    240410-reet1aad65

  • MD5

    29e47258c517f5f33349caacef044645

  • SHA1

    42cfb37c1f47de8f1ef6f4dbd047c1a06922adc0

  • SHA256

    c6c47d3d7e56213f0d0ced379c64e166ed5a86308ea96856163a4e0155b1fc6e

  • SHA512

    edf41423deef4dfc38d634d89e9d39c65887f168deac577c075aa4cc92bc413c611ed3d5083398d35614b425fb5c0f6ecf1b624787e8f7f16bec4d70e17a6c9f

  • SSDEEP

    12288:m/EKZq6eHNjHA3igt96CIBhwXYhCDcg1MXh6uLbhAvzLprAXpJicUOZL7SnJJMET:mAEKBWIhsccMXh64FCFaycjZL7SnU/q

Malware Config

Targets

    • OutSteel

      OutSteel is a file uploader and document stealer written in AutoIT.

    • OutSteel batch script

      Detects batch script dropped by OutSteel

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
