General

  • Target

    b74df74fc221ad83ef1c5da21b399a55.exe

  • Size

    7.3MB

  • Sample

    240601-e24qeshh6v

  • MD5

    b74df74fc221ad83ef1c5da21b399a55

  • SHA1

    28ccda0ef73eba83f0e24da689d3d0681a62bfe6

  • SHA256

    def9eaafe566d53c24300dac5c134cf3de6691d6bce5dd12fb667a410a48eb87

  • SHA512

    c1234c5cda6332f3526462c87746a0b80ef78ad388f0f635bcc69b38c7254d9a51cb6ff22c7e552c6bb1562a89c991af817f3ad9bc0a1f94e1ba2224667f68a8

  • SSDEEP

    196608:91OpcF9aTaDrezU9vnRv0ls78rirymHGbfObhF:3OpcF9aTArEevnG27Gi+7bWL

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks