General

  • Target

    ChernoLocker.e

  • Size

    11.9MB

  • Sample

    240824-wdly5stenk

  • MD5

    59fe74c68bbc9e76affdf9f337fb81df

  • SHA1

    1aebb30376c1e768e35678b2124d348b2c322168

  • SHA256

    613c8a8b7b723704469e31be829499b7d36b9fdc62b9850f1c6522fd4c81ea3f

  • SHA512

    9f55e12430f885185050f2079facb038a748681ebdc37926b8ad38a81c35488a9130022ef414932a299ead31c25943d0f4aa5743086d6633f7caefe86daced26

  • SSDEEP

    196608:GQ3fOfpVwQsbmo9X2wl/i1tbpSzZTfuf6hc7ro7VEHe/vAYYjlcy5JvCflgxKr:GQmfDwQX4XdJi8zZfQ6hE7+XAPcVflgx

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copy of, the web browser credential store.

    • Drops file in Drivers directory

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks