General

  • Target

    f881941f711f3d797027dede73b477345f361838d24bf08e558f11db0f58cd19

  • Size

    2.3MB

  • Sample

    240912-dxkajsyeqh

  • MD5

    002ed11af9c78566710fdd1debd21644

  • SHA1

    d9c44fc6c474dacb0ec735cfc0a789f5fd20f5a0

  • SHA256

    f881941f711f3d797027dede73b477345f361838d24bf08e558f11db0f58cd19

  • SHA512

    f0f8af4f96d3e72ea21a7203d1837aa50f1b39f5fb70c7e39bd6b18e3eb6ee7c2b193c2d323f30c8c37c58dfa79f364501cecae4b26454c1120332470eea412e

  • SSDEEP

    49152:Ipgs8ABpNAcbBicSTgbDgtcBbWRzfYb/kL+agsNFCriQmew54a31Ft:IGs8AvNzXgtcpEfFFC2QVbaXt

Malware Config

Targets

    • Target

      f881941f711f3d797027dede73b477345f361838d24bf08e558f11db0f58cd19

    • Size

      2.3MB

    • MD5

      002ed11af9c78566710fdd1debd21644

    • SHA1

      d9c44fc6c474dacb0ec735cfc0a789f5fd20f5a0

    • SHA256

      f881941f711f3d797027dede73b477345f361838d24bf08e558f11db0f58cd19

    • SHA512

      f0f8af4f96d3e72ea21a7203d1837aa50f1b39f5fb70c7e39bd6b18e3eb6ee7c2b193c2d323f30c8c37c58dfa79f364501cecae4b26454c1120332470eea412e

    • SSDEEP

      49152:Ipgs8ABpNAcbBicSTgbDgtcBbWRzfYb/kL+agsNFCriQmew54a31Ft:IGs8AvNzXgtcpEfFFC2QVbaXt

    • Banload

      Banload variants download malicious files, then install and execute the files.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Modifies Windows Firewall

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks