General

  • Target

    352cb323fe4e530753a091672973f95f8287db6ce19bf86b9aaa17df909a245c

  • Size

    3.1MB

  • Sample

    240710-zzyrlszflm

  • MD5

    7326e2cc8b19595770965d72e1041325

  • SHA1

    e1758cbd4eea1c45ef714d1c0651abe27d91fe93

  • SHA256

    352cb323fe4e530753a091672973f95f8287db6ce19bf86b9aaa17df909a245c

  • SHA512

    a94365d8c26f6042c75f9fe0eb7945509ef6d5f2fc3f7e5252678efb3bb1fc2dc1efeaaa007e849c279703f66074c08a63686e96c780a35287ebbb2c4fd92236

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBLB/bSqz8b6LNXJqI:sxX7QnxrloE5dpUpobVz8eLFc

Targets

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic               | Technique                           | ID        | Count
  ---------------------+-------------------------------------+-----------+------
  Persistence          | Boot or Logon Autostart Execution   | T1547     | 1
  Persistence          | Registry Run Keys / Startup Folder  | T1547.001 | 1
  Privilege Escalation | Boot or Logon Autostart Execution   | T1547     | 1
  Privilege Escalation | Registry Run Keys / Startup Folder  | T1547.001 | 1
  Defense Evasion      | Modify Registry                     | T1112     | 1
  Credential Access    | Unsecured Credentials               | T1552     | 1
  Credential Access    | Credentials In Files                | T1552.001 | 1
  Collection           | Data from Local System              | T1005     | 1

Tasks