General

  • Target

    9e5cb79aaa073100203e2d4e146e10d08c97b68289810a0651c95d8dc9a5d28bN

  • Size

    512KB

  • Sample

    241021-ll2z8azhpn

  • MD5

    8188421aa04af3bbe82f15502ec59380

  • SHA1

    af8431a76a57ccb4e8b26e16728e04cdb8374604

  • SHA256

    9e5cb79aaa073100203e2d4e146e10d08c97b68289810a0651c95d8dc9a5d28b

  • SHA512

    d1422ddcfda2c309cec6f0adf5d3319e2c96bc744463591251fdbaac8f65c1a900226333aaf57c666ae258d64defe5195d63fe7eaf31d94751fca9d8f1b963bf

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6w:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5H

Malware Config

Targets

    • Target

      9e5cb79aaa073100203e2d4e146e10d08c97b68289810a0651c95d8dc9a5d28bN

    • Size

      512KB

    • MD5

      8188421aa04af3bbe82f15502ec59380

    • SHA1

      af8431a76a57ccb4e8b26e16728e04cdb8374604

    • SHA256

      9e5cb79aaa073100203e2d4e146e10d08c97b68289810a0651c95d8dc9a5d28b

    • SHA512

      d1422ddcfda2c309cec6f0adf5d3319e2c96bc744463591251fdbaac8f65c1a900226333aaf57c666ae258d64defe5195d63fe7eaf31d94751fca9d8f1b963bf

    • SSDEEP

      6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6w:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5H

    • Modifies visibility of file extensions in Explorer

    • Modifies visiblity of hidden/system files in Explorer

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Disables RegEdit via registry modification

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Modifies WinLogon

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks