General

  • Target

    PC_Cleaner_setup.exe

  • Size

    7.5MB

  • Sample

    240614-jdy79atgll

  • MD5

    199e8896119bd3fc3850e9b19eb98ab2

  • SHA1

    b20795b8b98641cd1f3f79767ca2479d81af2a7e

  • SHA256

    36c6dceee32c61fa35e3d2bc6699ca7d6fc0eee903f82876e1e1049d4b52e600

  • SHA512

    c79753ef606c333df5ae974814bec434a0ba872a85cbe98e037700005caa8f3eab616556013099682c4a026f45ca5ceab53ade40f5674b7be73661609c325247

  • SSDEEP

    196608:dUJl7//t1epn/0ZnbfMSYseYy7c7FsnTum:Sn//tc4bf7YaHunTV

Targets

    • Target

      PC_Cleaner_setup.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
