General

  • Target

    63ad50cb5da16312f73dd1015c728170N.exe

  • Size

    1.3MB

  • Sample

    240721-es6teswdpk

  • MD5

    63ad50cb5da16312f73dd1015c728170

  • SHA1

    5195aabb9be7537c95c3429bfb1000303192086a

  • SHA256

    2fb2896b5a0e16eec7a63e6a80fd1795c3601fb82e84573e05f199b6360310f2

  • SHA512

    fd7042f3ff4c3f44e379d75c96bb400e2e166287d0db6e3e2a82a40c7f82678d95caa6187d865a735ba8ba1b02fc5b51dba2817cfc0b795ea191943a5464a965

  • SSDEEP

    24576:CMY2A87aWIulVZTuCtWuy5S4Gew6JKf/WRp289uS3iOoJCBV:Cx8auzZ7td4Gl6gf/WRp9uKWIV

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks