General

  • Target

    aed1e927e28a0aef08dfbd3be27ae9f4d33f150e87dad18f3c288883c0f63e03N

  • Size

    2.2MB

  • Sample

    241027-ssledawrdw

  • MD5

    6dbdc69771e30382aad6c4ac051f0360

  • SHA1

    28272da6b9b0dd3e8bcf161a18205e954b587080

  • SHA256

    aed1e927e28a0aef08dfbd3be27ae9f4d33f150e87dad18f3c288883c0f63e03

  • SHA512

    84008b9ca6cb241687517061c398d812cdf1874afe31c6027c6eeff99b365c7e8d044f3a898ae54feb2bc0e459eb4264a26da16f6c880ee1eac1b0accd95fbfb

  • SSDEEP

    24576:qIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIm:P

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks