General

  • Target

    0383dde13058254e4bacefa21eaeb17a8beb7fd085d5912701f01c57d178afaa.exe

  • Size

    1.7MB

  • Sample

    241016-bdrt6syfmj

  • MD5

    d9355b4c496a14e5fc4f5b398b340b8f

  • SHA1

    fa75a031565aeeddf1d30a18d2a7a7ec6a548b84

  • SHA256

    0383dde13058254e4bacefa21eaeb17a8beb7fd085d5912701f01c57d178afaa

  • SHA512

    7eb5116aa6bba746dd22e8869e1bca20380447977ae5b497a33209e9e9ae69e74a231d3802d5c45fcf7754915525c126f6d0955a710c91e5a1b2a3fe01a17022

  • SSDEEP

    24576:OEW+JBrRp9+3hpZh/u1d3fv3Ob2Mo4bn8Srvkphqu9z1U/cEuviOH3x:OEzJB39+3hpZRu1d3fO

Malware Config

Targets

    • Target

      0383dde13058254e4bacefa21eaeb17a8beb7fd085d5912701f01c57d178afaa.exe

    • Size

      1.7MB

    • MD5

      d9355b4c496a14e5fc4f5b398b340b8f

    • SHA1

      fa75a031565aeeddf1d30a18d2a7a7ec6a548b84

    • SHA256

      0383dde13058254e4bacefa21eaeb17a8beb7fd085d5912701f01c57d178afaa

    • SHA512

      7eb5116aa6bba746dd22e8869e1bca20380447977ae5b497a33209e9e9ae69e74a231d3802d5c45fcf7754915525c126f6d0955a710c91e5a1b2a3fe01a17022

    • SSDEEP

      24576:OEW+JBrRp9+3hpZh/u1d3fv3Ob2Mo4bn8Srvkphqu9z1U/cEuviOH3x:OEzJB39+3hpZRu1d3fO

    • Looks for VirtualBox Guest Additions in registry

    • Downloads MZ/PE file

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks