Resubmissions

14/11/2024, 10:36

241114-mnbrgs1qdm 10

19/10/2024, 03:10

241019-dn3erstdph 7

General

  • Target

    257585d191281c0de2a51601751a5f7fdfe9256378004ffcf088b46e299aa760.zip

  • Size

    356KB

  • Sample

    241019-dn3erstdph

  • MD5

    c443b3fe7443cf5db3c63da04ba9d67c

  • SHA1

    1078df66f94b5f176a4974cc860c4e3a54301fca

  • SHA256

    07e7cdf3cf400fac3c0c5300f08db02ceae216d8b9abd9ec2c3d596ab7757bc9

  • SHA512

    b2dc63294db7693890f41711e0c891bfc5f9d56cbfc8ca5578859f971444c826d41c3ffd77e51645643a49ae2dbbb0fc33be512d0eeae42b584a66767f2fd827

  • SSDEEP

    6144:+G4ySoYG+U8U/46OPsC1NVtiJ/BmsEoytbG3YHeurpZlvINYOgl/MYYA0M9gy6hL:+G4y5YF246OUC1NDiCJGIH7rLlca+YYt

Targets

    • Target

      257585d191281c0de2a51601751a5f7fdfe9256378004ffcf088b46e299aa760

    • Size

      786KB

    • MD5

      7bc285d267f39aa6023800705d50005f

    • SHA1

      2146bf7ea2085f8cc7d0a506dd391033ad88855a

    • SHA256

      257585d191281c0de2a51601751a5f7fdfe9256378004ffcf088b46e299aa760

    • SHA512

      99a7ca422f8748dac0d6846c956a6e050579d3882bbd82d0aee136349e257e16dce5fb26c2b45e29f411e20ec6380544d1b82b24d020eac5e63c0e1afbeeff86

    • SSDEEP

      12288:b3aVasryJ7+delmjBRQlM2MHL7YLWwPrB+5H9FpK6SGxm1KXL+Yevh9GMlXEti:b3aVas+J7+delmjXyIViB+LFp5GY/t

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15
