General

  • Target

    02b3d4a04c5d1248b2ab125d583a446160218fe9ef7c984c2d401b45398a3413

  • Size

    5.5MB

  • Sample

    240525-wsqkwada4z

  • MD5

    45626402d419b39813ea6f44ae2acbe7

  • SHA1

    7e3c894878a81d6f9fd34f07d51306b3956b750d

  • SHA256

    02b3d4a04c5d1248b2ab125d583a446160218fe9ef7c984c2d401b45398a3413

  • SHA512

    ac918171f8507e42e9f6a524d7b968b648d73c6e9d8e074b7ee1dea9cd6f0bd4bed4155f7035707551b4efc8baedced99a7836118a4221bd79c782f968d43678

  • SSDEEP

    98304:tFd7Xy1VkHK5mi8P4aR8qLf3gbz2FSmaI7dl0F:tFVXy1KHKQjQbz2FSmaI7dl2

Malware Config

Targets

    • Target

      02b3d4a04c5d1248b2ab125d583a446160218fe9ef7c984c2d401b45398a3413

    • Size

      5.5MB

    • MD5

      45626402d419b39813ea6f44ae2acbe7

    • SHA1

      7e3c894878a81d6f9fd34f07d51306b3956b750d

    • SHA256

      02b3d4a04c5d1248b2ab125d583a446160218fe9ef7c984c2d401b45398a3413

    • SHA512

      ac918171f8507e42e9f6a524d7b968b648d73c6e9d8e074b7ee1dea9cd6f0bd4bed4155f7035707551b4efc8baedced99a7836118a4221bd79c782f968d43678

    • SSDEEP

      98304:tFd7Xy1VkHK5mi8P4aR8qLf3gbz2FSmaI7dl0F:tFVXy1KHKQjQbz2FSmaI7dl2

    • Modifies visibility of hidden/system files in Explorer

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing SQL queries to confidential data stores. Observed in infostealers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks