General

  • Target

    e028f45878e9444fc6f0d80b0a27d4a773878604bc99756327ec8ab93e4d79e8N

  • Size

    946KB

  • Sample

    241027-wannkaxpcl

  • MD5

    1bdaa774ab57c633ca83dd346d6aa830

  • SHA1

    ac1aee06b27b51db5f4aa336f2dec22af09d307e

  • SHA256

    e028f45878e9444fc6f0d80b0a27d4a773878604bc99756327ec8ab93e4d79e8

  • SHA512

    f885a3ca072ab86ed53ab494e3ba36fbd43f745d4148857c36fbf1905f9d8aca33faec3a3cccf3c6d21d33cdeb80eeb545dfeaae97e9d323bd38a4370f424909

  • SSDEEP

    24576:xGmZWMDi1W7bwDKZl+TCTMH3aboiC9QyVlOY:QmFDfIDKHcCoXwohdb

Targets

    • Target

      e028f45878e9444fc6f0d80b0a27d4a773878604bc99756327ec8ab93e4d79e8N

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Drops file in System32 directory

Tasks