Resubmissions

03-05-2024 09:02    240503-kzqzfabc4t    4
03-05-2024 08:47    240503-kp6xxada58    8
03-05-2024 08:46    240503-kpllzada49    4
03-05-2024 08:41    240503-klfasach83    7

General

  • Target: Pindanoten.docx
  • Size: 16KB
  • Sample: 240503-kp6xxada58
  • MD5: e31f66b3181378d484e6c915285f2096
  • SHA1: 640043b5ef2d2e698257d68b222fad7ea122a0f9
  • SHA256: c9d77a8375af041f4dfa0ac1dfeef5dbea6dc98772fe2c2386f2281da26cc7c7
  • SHA512: 336f02c763cedafa47116fba2e8c49c62a4f6f1b008378d233d2457eff13df2f42c4d5baf6c153a5830a6e48c94006570861db710a4efcb02a3c729c15b8c09c
  • SSDEEP: 384:dthz+09s3LGqiCIQuog46c7OMHhHML8DejstL4KvIvK:toLbibQuk7OMNNXtB

Targets

    • Target: Pindanoten.docx

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
