General

  • Target

    8d067a17765a9dbb1fe2a730c0b96cb6b7517b3d614404d59f834a1d925c8b6eN

  • Size

    3.9MB

  • Sample

    241021-j22y2sxhjm

  • MD5

    cdcea42d7ff16640077ba67aa4c19880

  • SHA1

    2ab38e53a5ba5ff971daa23e5537c980329e6043

  • SHA256

    8d067a17765a9dbb1fe2a730c0b96cb6b7517b3d614404d59f834a1d925c8b6e

  • SHA512

    8b8390fc5a3b98bf2dd1d0f6ec822dd057509f6029a47e3df1c2a7f70d821ef25b4bcbb1c131076e6f081c7c0bcfc0d3b9723dfbebc1f3d04972c527bc37501e

  • SSDEEP

    24576:qIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII7:nFU

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks