General

  • Target: sample

  • Size: 16KB

  • Sample: 240524-wxpt5see2v

  • MD5: 3a8fb09f8cfd8c9012520e9d45f961ba

  • SHA1: faba2dba5063476f5f8742932963249d81c5c0cb

  • SHA256: 3464373dc628c72a680e4c69c3dd73c3aea0f66a8b509933f5818e516fc03985

  • SHA512: d144ba21d218fd3f77f66665577c40c048c4bc6f30efa1ad3b2e3ecc9d95eeb425dd2b02243b20410a3c3c6bf2625c342e6f6299ba48c49c648f7e2ea14d49d4

  • SSDEEP: 192:x4ufWIyc+MDg9PxUfrULIAFCy8GAGYoQN6S5+MO2FHB/ibLDiTkok:x0Vig9pUfrUz8GAGM6O+x2V1i/DiTkn

Malware Config

Targets

    • Target: sample (hashes as listed under General above)

    • Modifies Windows Firewall

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

    • Replication Through Removable Media (T1091), 1 detection

Persistence

    • Create or Modify System Process (T1543), 1 detection

    • Windows Service (T1543.003), 1 detection

Privilege Escalation

    • Create or Modify System Process (T1543), 1 detection

    • Windows Service (T1543.003), 1 detection

Defense Evasion

    • Impair Defenses (T1562), 1 detection

    • Disable or Modify System Firewall (T1562.004), 1 detection

Credential Access

    • Unsecured Credentials (T1552), 1 detection

    • Credentials In Files (T1552.001), 1 detection

Discovery

    • System Information Discovery (T1082), 2 detections

    • Query Registry (T1012), 1 detection

Lateral Movement

    • Replication Through Removable Media (T1091), 1 detection

Collection

    • Data from Local System (T1005), 1 detection

Tasks