General

  • Target

    GWBI7H74fhGgtebteb5GSR

  • Size

    6.8MB

  • Sample

    240618-qhn2eaygrj

  • MD5

    ab7f07e0cb724902d34ca82aa83e81e3

  • SHA1

    becb5b9765615596028a004fc85f70a6064909be

  • SHA256

    4e6e5e416417e302fd44f0e1c2106f8aa2c77a24cb363cbf49e12077a641cf6e

  • SHA512

    e8e09127eb674403002323e43df20a34125c9ebbcc6cb6da387f5b4f742c2dd1e3cdfa5919d3ce67f16d3bd344313f5ac4a15042f200d83b662bcf036a6d4d9f

  • SSDEEP

    196608:w3/NrzAltdolcv92Zg1kOhJmWhxbxiz3bdJqwd9mnC3QLexvLvtGSKFW:aNrnlAUZg1kqJmuxc3BJqs91g6xJGSK0

Malware Config

Targets

    • Target

      GWBI7H74fhGgtebteb5GSR

    • Size

      6.8MB

    • MD5

      ab7f07e0cb724902d34ca82aa83e81e3

    • SHA1

      becb5b9765615596028a004fc85f70a6064909be

    • SHA256

      4e6e5e416417e302fd44f0e1c2106f8aa2c77a24cb363cbf49e12077a641cf6e

    • SHA512

      e8e09127eb674403002323e43df20a34125c9ebbcc6cb6da387f5b4f742c2dd1e3cdfa5919d3ce67f16d3bd344313f5ac4a15042f200d83b662bcf036a6d4d9f

    • SSDEEP

      196608:w3/NrzAltdolcv92Zg1kOhJmWhxbxiz3bdJqwd9mnC3QLexvLvtGSKFW:aNrnlAUZg1kqJmuxc3BJqs91g6xJGSK0

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks