Resubmissions

30/07/2024, 06:44 - 240730-hhpnyayhrd (score 10)

27/05/2024, 14:12 - 240527-rh1wmsgc52 (score 10)

General

  • Target

    7e052903db8c20022280f156834b9af172c7877b7253104562f77d61f8c3de6a.exe

  • Size

    2.0MB

  • Sample

    240527-rh1wmsgc52

  • MD5

    20d1a291ba22e0d37ba1c9ef7c4f2a8e

  • SHA1

    977deb9b18a8599aac68cfd86fd95219a54fc8c4

  • SHA256

    7e052903db8c20022280f156834b9af172c7877b7253104562f77d61f8c3de6a

  • SHA512

    662369dcf70c1abe0142a139f950df672d62b3dbda910a804b6ef6a76280fa543aba4d1a9e52bea1584cdc0c674110b7a11fb0948be82e27c77e92b465f16d42

  • SSDEEP

    24576:2y2KxiKAGfq78Qh7zCIU1D6hynUlAqFzATZAguEkVm2nc6DKcPGsiSbBydwBFrUm:2K1WlU1D6hk8RFzAZ5+m21Kc+sPbVT

Malware Config

Targets

    • Target

      7e052903db8c20022280f156834b9af172c7877b7253104562f77d61f8c3de6a.exe

    • Size

      2.0MB

    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular locales.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials and cookies.

    • Adds Run key to start application

    • Drops file in System32 directory
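
The signatures above name specific registry and file-system locations. The PowerShell below is an added example, not part of the Triage report and not code from the sample; it audits those locations on a suspected host: it compares the Winlogon Shell and Userinit values with their Windows defaults, flags Run-key entries launched from user-writable directories, prints the GeoID value the geofence check reads, and lists recently written executables in System32 whose Authenticode signature does not validate. The seven-day window and the user-writable path heuristic are assumptions chosen for illustration; a hit is a lead for review, not a verdict.

```powershell
# Added example (not from the Triage report or the sample): audit the persistence
# and geofence locations named in the report's signatures on a live Windows host.
# Run in an elevated PowerShell session. Baseline values are the Windows defaults.

$findings = @()

# 1. Winlogon: Shell and Userinit are the logon-time persistence values.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
$defaults = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
}
foreach ($name in $defaults.Keys) {
    $value = $wl.$name
    if ($value -and ($value.Trim() -ine $defaults[$name])) {
        $findings += [pscustomobject]@{
            Location = "$winlogon\$name"; Value = $value
            Reason   = 'Winlogon value differs from the Windows default'
        }
    }
}

# 2. Run keys (native and WOW64 views for the machine, plus the current user).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, ...
        $cmd = [string]$p.Value
        # Heuristic (assumption): entries launched from user-writable locations
        # are a common dropper pattern and deserve a look.
        if ($cmd -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\') {
            $findings += [pscustomobject]@{
                Location = "$key\$($p.Name)"; Value = $cmd
                Reason   = 'Run entry launches from a user-writable path'
            }
        }
    }
}

# 3. Geofence: the country code (GeoID) that a "checks computer location" read returns.
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
if ($geo) { "Configured GeoID (Nation): $($geo.Nation)" }

# 4. Dropped-file signature: recently written System32 EXEs whose signature does not validate.
$cutoff = (Get-Date).AddDays(-7)   # window is an assumption; widen it for older incidents
Get-ChildItem -Path "$env:SystemRoot\System32" -Filter '*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            $findings += [pscustomobject]@{
                Location = $_.FullName; Value = $_.LastWriteTime
                Reason   = "Recent System32 EXE, signature status $($sig.Status)"
            }
        }
    }

$findings | Format-Table -AutoSize
```

Compare any flagged Run or Winlogon value against the dropped-EXE path and the hashes in the General section: an entry whose target hashes to 7e052903...de6a, or to a file that entry launches, ties the host to this sample rather than to an unrelated autostart.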

MITRE ATT&CK Enterprise v15

Tasks