General

  • Target

    52c7c34bcc42c907a275f706cde7c03eab24287f3aec081f0bd88780de131e7c.exe

  • Size

    13.2MB

  • Sample

    240927-trcxaatcjg

  • MD5

    a4fd5040db03f0c04306ab7824320269

  • SHA1

    32a4e4f1c7d0c0fe1be81bddecafeb2303a8227b

  • SHA256

    52c7c34bcc42c907a275f706cde7c03eab24287f3aec081f0bd88780de131e7c

  • SHA512

    ca00c6c4cbd5dab079ce204f9adabba1c748869d79a172bdf8aa434aa97de4c3627273208ecd970159eae432e5e3bf69e7e860a9cae07e5a7918c98cd1d0e9c2

  • SSDEEP

    393216:AIEkZgf8iq1+TtIiFGvvB5IjWqn6eCz1lypRXiWCoaa:rRbiq1QtIZX3ILn6esyaVoaa

Malware Config

Targets

    • Target

      52c7c34bcc42c907a275f706cde7c03eab24287f3aec081f0bd88780de131e7c.exe

    • Size

      13.2MB

    • MD5

      a4fd5040db03f0c04306ab7824320269

    • SHA1

      32a4e4f1c7d0c0fe1be81bddecafeb2303a8227b

    • SHA256

      52c7c34bcc42c907a275f706cde7c03eab24287f3aec081f0bd88780de131e7c

    • SHA512

      ca00c6c4cbd5dab079ce204f9adabba1c748869d79a172bdf8aa434aa97de4c3627273208ecd970159eae432e5e3bf69e7e860a9cae07e5a7918c98cd1d0e9c2

    • SSDEEP

      393216:AIEkZgf8iq1+TtIiFGvvB5IjWqn6eCz1lypRXiWCoaa:rRbiq1QtIZX3ILn6esyaVoaa

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks