General

  • Target

    b55628770517145bc846b092889e6d96d8bc7c82c5e3704d53ee693101bfe510.exe

  • Size

    2.1MB

  • Sample

    241002-bxv1yathqc

  • MD5

    7846bac09fcd1f8aa00a0f2158f2f2b0

  • SHA1

    3ecb42a880c4afba0bfc7c903bdfde9699b1c848

  • SHA256

    b55628770517145bc846b092889e6d96d8bc7c82c5e3704d53ee693101bfe510

  • SHA512

    9fff0c83e3e672573484cda242d5298350e647479a018bd4468242510267e561a0cd59346e5be75229e6e509eb409790627e48a7c8981d192e5d074052c97c5c

  • SSDEEP

    49152:zvGF72mgjLUNUUU2xOqrA+GAxHX7n7V2WJxa0pDRoOw3AZEHtQMTf:zvICH8NM2MUf30WJwulZMA0mMTf

Malware Config

Targets

    • Target

      b55628770517145bc846b092889e6d96d8bc7c82c5e3704d53ee693101bfe510.exe

    • Size

      2.1MB

    • MD5

      7846bac09fcd1f8aa00a0f2158f2f2b0

    • SHA1

      3ecb42a880c4afba0bfc7c903bdfde9699b1c848

    • SHA256

      b55628770517145bc846b092889e6d96d8bc7c82c5e3704d53ee693101bfe510

    • SHA512

      9fff0c83e3e672573484cda242d5298350e647479a018bd4468242510267e561a0cd59346e5be75229e6e509eb409790627e48a7c8981d192e5d074052c97c5c

    • SSDEEP

      49152:zvGF72mgjLUNUUU2xOqrA+GAxHX7n7V2WJxa0pDRoOw3AZEHtQMTf:zvICH8NM2MUf30WJwulZMA0mMTf

    • Modifies WinLogon for persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Disables Task Manager via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.