General

  • Target

    875cac4e2508aa3f6e7ea75ad6e6e76c66f6242d65c07525dcee00a573d5a25e

  • Size

    7.3MB

  • Sample

    240601-jwwj3seg6z

  • MD5

    778b9a961d1218823130891529f1bdeb

  • SHA1

    d2da2d287c8072576a396cffff4db45a7c3580a9

  • SHA256

    875cac4e2508aa3f6e7ea75ad6e6e76c66f6242d65c07525dcee00a573d5a25e

  • SHA512

    2648900b8c844a75f533115cb9647c85aed5f02c1f87df4fb5a6a777981fbae759188de65e085b97c24559c3f309d53278d9cee6912eabed4f3151d62520e7c7

  • SSDEEP

    196608:91Oh6/HqmLduhnlcQ4UxbqsPAnAoGbfR0uGbjalHgI:3Oh6/HxLd+l1BPuRweuyalx

Malware Config

Targets

    • Target

      875cac4e2508aa3f6e7ea75ad6e6e76c66f6242d65c07525dcee00a573d5a25e

    • Size

      7.3MB

    • MD5

      778b9a961d1218823130891529f1bdeb

    • SHA1

      d2da2d287c8072576a396cffff4db45a7c3580a9

    • SHA256

      875cac4e2508aa3f6e7ea75ad6e6e76c66f6242d65c07525dcee00a573d5a25e

    • SHA512

      2648900b8c844a75f533115cb9647c85aed5f02c1f87df4fb5a6a777981fbae759188de65e085b97c24559c3f309d53278d9cee6912eabed4f3151d62520e7c7

    • SSDEEP

      196608:91Oh6/HqmLduhnlcQ4UxbqsPAnAoGbfR0uGbjalHgI:3Oh6/HxLd+l1BPuRweuyalx

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks