General

  • Target

    9565ebd1d5120f6ed3bb3f0be55ca67e.exe

  • Size

    7.2MB

  • Sample

    240601-e5ynksaf33

  • MD5

    9565ebd1d5120f6ed3bb3f0be55ca67e

  • SHA1

    5c0a04ddd8cba58565d78bc9ed042938d91fb829

  • SHA256

    88e48bdaa7e112875198c1cc2db4a4d32e51e28d75f3ad9af7596859b4eccd24

  • SHA512

    33a5e564bbfe8df9c2bb4cd5ecd9479206e54b6691f3b8ecd2ed7dc60b442162093bcaa2eb793ae931984fab0de7cb3af5d634ba399f4fd43ad01beb3f8c1d6a

  • SSDEEP

    196608:91OJTXepL7GnZAZ0LzBqEWY5w9U5WSnzgTHtN8ZObtk0b7XQJJEYwffqV:3OtXepeZe0vUY5gUfC8ZOJEwffqV

Malware Config

Targets

    • Target

      9565ebd1d5120f6ed3bb3f0be55ca67e.exe

    • Size

      7.2MB

    • MD5

      9565ebd1d5120f6ed3bb3f0be55ca67e

    • SHA1

      5c0a04ddd8cba58565d78bc9ed042938d91fb829

    • SHA256

      88e48bdaa7e112875198c1cc2db4a4d32e51e28d75f3ad9af7596859b4eccd24

    • SHA512

      33a5e564bbfe8df9c2bb4cd5ecd9479206e54b6691f3b8ecd2ed7dc60b442162093bcaa2eb793ae931984fab0de7cb3af5d634ba399f4fd43ad01beb3f8c1d6a

    • SSDEEP

      196608:91OJTXepL7GnZAZ0LzBqEWY5w9U5WSnzgTHtN8ZObtk0b7XQJJEYwffqV:3OtXepeZe0vUY5gUfC8ZOJEwffqV

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks