General

  • Target

    KLSetup.exe

  • Size

    8.2MB

  • Sample

    240601-jbaf4sdh8x

  • MD5

    65f0ee72fac85b324a0734053d436918

  • SHA1

    796d3ab9803f5e6ec370ff948f654842af62fd25

  • SHA256

    4f128c759e90606c9c7b5546259a7888b2aaaf5ea59d1aa40d5284056366504c

  • SHA512

    b18d612652d2023b7ca49bf0008d6f6a77bab25c70fb9d67bd29c4a917344275c2fbe14058e8121e0ec3e2278ae100b66e49494aa63a2d2570d7d95b6c64ed52

  • SSDEEP

    98304:bEo5z/yF0ULxVuZ6xfTGeUVSO6HVyW2iI30Ge2JW9GU5M0xZh:bt5zqF0KTlXV/luWUU66D

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks