General

  • Target

    02cb1ecedc2cbc52de4cc4111afaa430N.exe

  • Size

    2.6MB

  • Sample

    240825-hw2knatajn

  • MD5

    02cb1ecedc2cbc52de4cc4111afaa430

  • SHA1

    0aee026584442e1b253eb3f82736d0e1ef689461

  • SHA256

    771176a8b39566fe0691e8f6f94157e760423010f65dbb5b1e5b4af65695c5a7

  • SHA512

    d1df7516159e4fe719ccabbe444e291923cced0989f8f4de539ed8074eb06b4bdc81a4d257b071cb1f05e229f2c34e9a21148603e92d7ba8ce57ccd040b94ace

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB4B/bS:sxX7QnxrloE5dpUpHb

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Adds Run key to start application
