General

  • Target

    66a967865d0b31b15c92358f17b378c0N.exe

  • Size

    2.6MB

  • Sample

    240820-v39wtsvbpa

  • MD5

    66a967865d0b31b15c92358f17b378c0

  • SHA1

    668a9e142c13dc45dc467a7286f25ea30906a7e3

  • SHA256

    d49f5769bc8da6c5747d91ab13d3458df0cb9b154b2c865b70f2a868414e4718

  • SHA512

    8007f34913379a579e86f533369688e0e12eccb01df0b52b2b4cc15f48ca3e1ca46be36e569bbf0229916f2a1777304be441e029a134eb80c6ebc7dfad5dea4c

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBiB/bS:sxX7QnxrloE5dpUpVb

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application
