General

  • Target

    2570433695e66597cf18a2d427c5366d.bin

  • Size

    6.3MB

  • Sample

    240604-brplzagc5y

  • MD5

    c9f11cd8582400011a62077955b2f6b2

  • SHA1

    409ca698c8e4fa18728db6ffd4ecc9628004137a

  • SHA256

    16677cc20ffd0100d33a99ed9ed3ec4eace40557404a72909bdabf2b0d87f4ed

  • SHA512

    df460c75b326980de9711222b8a833b06691190fa382f871afa6771b7c2533484ded09c48c8ff0b7cc0e63b884c19df03bf8d86fad2be54e2ceaa3597c534048

  • SSDEEP

    98304:4lIR0dkA6Dmh7HwG3oakiFkMYGfETwti6VIkPKgJenUx+KD24uxmK9FLOlUvpC5N:Oyqh7Hdg8kMYE0ciLgK4enzr7wALXCC+

Malware Config

Targets

    • Target

      987e81eaba927077be968768fa337bae2bbe38310a4fec0593c356e677e9c236.exe

    • Size

      6.3MB

    • MD5

      2570433695e66597cf18a2d427c5366d

    • SHA1

      88c9e4e3d7562c2b538b19066ceffd3bd2b80da1

    • SHA256

      987e81eaba927077be968768fa337bae2bbe38310a4fec0593c356e677e9c236

    • SHA512

      cf220112dba66758512dcc0a37df298d25ab1c5390eb45826aee9690907ad9c94a3e6272419e1bd0c64a6af518b4945336f21aa8822e6cdfc545a604d7a578b6

    • SSDEEP

      98304:91Oih9g3v564EOC2yQlQyNky6wJ9cpq5rMlGRrodUkZ+52LYib/Z6fm1xE:91Oyif5sH6QyayJ6GFodL+52LNFE

    • Modifies Windows Defender Real-time Protection settings

    • Windows security bypass

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with a hidden display window.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks