General
-
Target
MDE_File_Sample_f41281092e2f8a54df9e612f7ebb65328ec27f98.zip
-
Size
2.7MB
-
Sample
240723-fvnlasyhpc
-
MD5
1c40ef979d8208e09b5513740cb72544
-
SHA1
032fd3a20c8cf23faa13b43f2fcc675825fc3183
-
SHA256
45441bf1f288829f80f044069e41fdbd98d4285add765e3f3e169b60e17c7621
-
SHA512
7e1351a0c6fdaecf34509705b83e46f173a1f02d3867f737190464f8f8d76a0629d3f2b3f39ea67a0c240e70c92181cd71a79fc1acf4156e6adf237c37776c49
-
SSDEEP
49152:mopS4NyvhiaJN/7MlblbmgOX5Ou3sDCMh5+jlSYFZzCEiZQnZBL9j:mocp/7s5mH5OIslj4ldjzCEiChj
Malware Config
Targets
-
-
Target
f_0041d2
-
Size
3.2MB
-
MD5
6bc322e76eb2775b19f0122fd5e16876
-
SHA1
f41281092e2f8a54df9e612f7ebb65328ec27f98
-
SHA256
85bdf9718ef5d7e3010b376222e995f5f7f09a85b2371d670ce3adb716ff8823
-
SHA512
486c69e8e12642538e0821da425089c7d3e3ed8c973f811274a876abd5be1df460f850aef464c7468eb6fc13d6123e49c94deccfd96fabb98ce17e8c181df34b
-
SSDEEP
49152:+BuZrEUW75LCvspyQQ27WmthNKbxzlvdDbmy+KOpuuyuVw8HRQuv9IIQYjpo039h:4kLiYuywfUx3Dbmy9uHXlIfYjpo0NjoA
Score7/10-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1