General

  • Target

    f9af2c3968ac850464f135191de237bd9e05e1401144b861f3a228ea5b5bf2bf

  • Size

    2.6MB

  • Sample

    240808-f3admsteka

  • MD5

    5b7afcd55c9ffaa51d37f7689696aba7

  • SHA1

    c3a1ced3c3a574cf959569fd7c353c7ff41704e5

  • SHA256

    f9af2c3968ac850464f135191de237bd9e05e1401144b861f3a228ea5b5bf2bf

  • SHA512

    50972d2ad3c7359e5cea795c2e6cbfffc6dd3f0ec176e0f86e0098255b07a2a7c92d89857a476b996777ba1b9a7666b70d7d9a9784cf9d81a7e4ee9d272c4d91

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBRB/bS:sxX7QnxrloE5dpUp6b

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks