General

  • Target

    d400cb359e54fd6f84a931b7b7895b422be50691a4bc011bf88a8e8a00b8e8b8

  • Size

    13.8MB

  • Sample

    241021-tm1sjsyeja

  • MD5

    6228d5ca4d945624841478fa0df03501

  • SHA1

    ae3adbf6373b22345a2586309de31a5f72eeb25d

  • SHA256

    d400cb359e54fd6f84a931b7b7895b422be50691a4bc011bf88a8e8a00b8e8b8

  • SHA512

    aa7b41b348c2a7b192ccf28e6ebf7d0e28f5130ec547ecc8093c914129c132fcfdaa20279860f369ea1b4da83ec7603d96a02424348a03ef0a9b4288c861f983

  • SSDEEP

    393216:bZvRrDjtLKkOa8ps6puAktIzwf+6pJTRGSUa+arvSPE:BRrDjt2kOa87QRa+SaaE

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
