General

  • Target

    aa4326c1ce14edbd9eef77add4cb1680N.exe

  • Size

    2.6MB

  • Sample

    240805-tbgwasvdkf

  • MD5

    aa4326c1ce14edbd9eef77add4cb1680

  • SHA1

    32e67525829050225c6e81e818bbc80f83c30f0e

  • SHA256

    afc094a7e7120c7240b6b1ea2ba6659e48dbd37f519087e4fd0296f23c9d7ff1

  • SHA512

    b1c81efc47580055ce4b988b660826f8bca40ce5f4302b2d4a0641ec4dbe2503617da5c5e7e620ff93b55a3f61daf03a539314b7fbb6fbb13a09145c0fecbb03

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBmB/bS:sxX7QnxrloE5dpUptb

Targets

    • Target

      aa4326c1ce14edbd9eef77add4cb1680N.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, such as saved credentials.

    • Adds Run key to start application
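A host-side check a responder would want after reading this report, written as an added example for this page (it is not the sandbox's own tooling). It computes MD5, SHA1, SHA256 and SHA512 in one pass per file, sweeps a directory for files matching the hashes listed above, and, on Windows, lists the Run-key values and per-user Startup-folder files that the "Adds Run key to start application" and "Drops startup file" signatures concern. The hash values are copied from the report; the function names, the Run-key and Startup-folder locations used, and the benign file the demo constructs are this example's own assumptions.

```python
"""IOC sweep and autostart listing for the sample in this report.
Added example, not the sandbox's own tooling; only the hash values
below come from the report."""
import hashlib
import io
import os
import sys
import tempfile
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Hashes of aa4326c1ce14edbd9eef77add4cb1680N.exe as listed in the report.
REPORT_IOCS = {
    "md5": "aa4326c1ce14edbd9eef77add4cb1680",
    "sha1": "32e67525829050225c6e81e818bbc80f83c30f0e",
    "sha256": "afc094a7e7120c7240b6b1ea2ba6659e48dbd37f519087e4fd0296f23c9d7ff1",
    "sha512": "b1c81efc47580055ce4b988b660826f8bca40ce5f4302b2d4a0641ec4dbe2503"
              "617da5c5e7e620ff93b55a3f61daf03a539314b7fbb6fbb13a09145c0fecbb03",
}

def hash_stream(stream, chunk_size=1 << 20):
    """Digest a binary stream with all four algorithms in a single read pass."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def hash_bytes(data):
    return hash_stream(io.BytesIO(data))

def hash_file(path):
    with open(path, "rb") as f:
        return hash_stream(f)

def match_iocs(digests, iocs=REPORT_IOCS):
    """Return the algorithms on which `digests` equals the IOC set (case-insensitive)."""
    return [a for a in ALGOS if digests.get(a, "").lower() == iocs[a].lower()]

def sweep(root, iocs=REPORT_IOCS):
    """Hash every file under `root`; return {path: [matching algorithms]} for hits only."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(hash_file(path), iocs)
            except OSError:  # unreadable or locked file: skip, do not abort the sweep
                continue
            if matched:
                hits[path] = matched
    return hits

# Standard autostart locations (this example's choice), checked because the report
# flags "Adds Run key to start application" and "Drops startup file".
RUN_KEYS = (
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
)

def list_autostarts():
    """Windows only: return [(location, name, value)] for Run-key values and
    files in the per-user Startup folder. Returns [] on other platforms."""
    if sys.platform != "win32":
        return []
    import winreg
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = []
    for hive, subkey in RUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                i = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, i)
                    except OSError:  # no more values
                        break
                    entries.append((hive + "\\" + subkey, name, value))
                    i += 1
        except OSError:  # key absent or access denied
            continue
    startup = Path(os.environ.get("APPDATA", "")) / "Microsoft/Windows/Start Menu/Programs/Startup"
    if startup.is_dir():
        entries.extend((str(startup), p.name, str(p)) for p in startup.iterdir())
    return entries

def demo():
    """Sweep a constructed directory: a benign file must give no hits against the
    report's IOCs, and using its own digests as the IOC set must match all four."""
    with tempfile.TemporaryDirectory() as root:
        benign = os.path.join(root, "notes.txt")
        with open(benign, "wb") as f:
            f.write(b"constructed benign content, not the sample\n")
        report_hits = sweep(root)
        self_hits = sweep(root, hash_file(benign))
        return report_hits, self_hits == {benign: list(ALGOS)}

if __name__ == "__main__":
    print(demo(), list_autostarts())
```

Call `sweep(r"C:\Users")` (or any path of interest) on a suspect host; an empty dict means no file matched any of the four exact hashes. The report's SSDEEP value is deliberately not included: it is a fuzzy hash for similarity scoring, needs the external ssdeep library, and a near match is a lead rather than a positive identification. A file listed by `list_autostarts()` is likewise only a candidate; compare its hashes against the IOC set before acting on it.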

MITRE ATT&CK Enterprise v15
