General

  • Target

    d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e

  • Size

    289KB

  • Sample

    240604-lbz3wabh6z

  • MD5

    ac7f96ac94ca748354e7db225aa1a5b2

  • SHA1

    98be163399271b71337afbc716b6a313ea1941e6

  • SHA256

    d223100bff707f45e8e2d609e64cb84c936ad09b097357dfc0d68cccfe97ed3e

  • SHA512

    862f9d5bc0d4ba27cfa7d75b4974e4eb37d30f53de883419c3e1e7c62fb525a2964e8431b5b5c91e1d2654db5446bba60320d196b148b35480eec2ed2cc26692

  • SSDEEP

    6144:Xm/uolvrxUXllOuQcTN5eZ2cH5d/ozSxCP27kbn8buCW+ZFU/Chpav1GUTs8quIr:W2svrwmuQ2yp5keCPtb8b1HZSCSDs8q/

Targets

    • MilleniumRat

      MilleniumRat is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15