General

  • Target

    ParteDenuncia.rar

  • Size

    1.2MB

  • Sample

    240517-ra5jvsbc35

  • MD5

    7b70fbc992152d753ec3d3df02dd8c8f

  • SHA1

    d3939990389c9c2b9309793d6d60b79734b515dc

  • SHA256

    aa7d80daa488e8627316e1e24bef1a713ae4f86e4a6304c6784b6187ad0433d9

  • SHA512

    c247df47cee3a9432eefb890a7afd355ece04e019fd4ada1bd9f5eed9099efe83494835467694fb4a164b4bcb9651f6c37a470e42d949d4233ff1e07b24064d5

  • SSDEEP

    24576:dUxAjJ5eWilajWpv0+fCpyjYq0AUeYHa6MGDrtfTh+j3udsUbzN:dbJ5eWLWp8EsyjWeYlrtfTzdJ9

Targets

    • Target

      ParteDenuncia.rar

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      ParteDenuncia.exe

    • Size

      2.4MB

    • MD5

      7e5490e5ee13eb6f567da9312a50ac4f

    • SHA1

      882e50b559806c13dbe9056262d2ec6b0ceaef94

    • SHA256

      f98cb51b72234756df112ccfa9a412c20b313c26ef459b042a99a090a0ced8d8

    • SHA512

      fcc1f3b2a58baa5b6db8bc272533a423316d42c8ff7a1805374130ae97e66ccf1d830d9b4ef4039ae910970fa87b9752366a7aeccae27c9ac1c9dae47dc63bc9

    • SSDEEP

      24576:zYsfpxSOMSlpH06QWVqmDlH54jm+G7liuzp0nwTMe4iqtKmj1XL8tkfu3uCQLt+d:zYsfpxSelV9ZHHGv78WjDLaArkwXX

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
