General

  • Target

    c7e62994e4d9cbb42f7c6aad4fc9d2cf4bcf71bb55617e2b85c2cc572a48b225

  • Size

    3.2MB

  • Sample

    240614-ef3w1ayaml

  • MD5

    e8833c2461a56bf3f9c5dcc9f8c10d52

  • SHA1

    38471edfcd9c0c44c48b20df6bfdf7b37b2386ef

  • SHA256

    c7e62994e4d9cbb42f7c6aad4fc9d2cf4bcf71bb55617e2b85c2cc572a48b225

  • SHA512

    528acb2bbb5ff5fedc9bb167fb4f00a36d31cbe80456844a99b770fe5f4e383dd27bc214042837f823350d8fd8ab85a827dcb66619c8fb4c9307d04bc5805fc5

  • SSDEEP

    49152:cJZoQrbTFZY1iaxrLJpVCsLFH7Vo4IvhVMfQMlIdtrhjE613FH7Vo4IvhVMGL:ctrbTA1xrFH7VVGHRKEjxtFH7VVGHlL

Malware Config

Targets

    • Modifies Installed Components in the registry

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks