General

  • Target

    d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133

  • Size

    2.1MB

  • Sample

    241031-j9752awmam

  • MD5

    222a5b5c942853cf2e9d9c5f9f7dcf97

  • SHA1

    433b34935ee4101b0705228363bc756628cf0217

  • SHA256

    d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133

  • SHA512

    015b11b14eb0cb432c3c05be2682afa76af0abaa442a003a9299d5ad62c676c6f50ced746d70c7a8a088556f51e078e1a0786c64da4d0c4ef6ee97381d99635d

  • SSDEEP

    49152:0MYnMbts4Uqq+VaSGRB1kyUdfofKVkOgThzEKuOyYdf:0jn+1OkaSGRB1RokOgtgH

Targets

    • Target

      d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133

    • Size

      2.1MB

    • MD5

      222a5b5c942853cf2e9d9c5f9f7dcf97

    • SHA1

      433b34935ee4101b0705228363bc756628cf0217

    • SHA256

      d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133

    • SHA512

      015b11b14eb0cb432c3c05be2682afa76af0abaa442a003a9299d5ad62c676c6f50ced746d70c7a8a088556f51e078e1a0786c64da4d0c4ef6ee97381d99635d

    • SSDEEP

      49152:0MYnMbts4Uqq+VaSGRB1kyUdfofKVkOgThzEKuOyYdf:0jn+1OkaSGRB1RokOgtgH

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data (Login Data, Cookies, Web Data), which can include saved credentials, cookies and session tokens.

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall keys (HKLM and HKCU \Software\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node variant) to list the software installed on the system.

    • Drops Chrome extension

    • Target

      $PLUGINSDIR/CrxInstaller.dll

    • Size

      1.5MB

    • MD5

      b9086dfa9511196d59814b0fb377b09a

    • SHA1

      ec723cd037ec98fc933b3b67a54afb7dd9f8172c

    • SHA256

      a804304dbbeecb815a9b8b90f071fe50ccec50502eb367f86bfc575db1102e85

    • SHA512

      8d847d5096db55ee4744b1091c1cf481069f14e5b3fe4a73e42fff2639b4d520a49341fe1b61f69406b05e5c2d06ff6fc35f1ad73c39844fc3c80b01470411df

    • SSDEEP

      24576:Ff64gx6dClC8MokQ/f6Qi/KgIxyTETKSkegNheT+pZUS+oeZfHV9fvXoa:whFLkCfMKggyTEcJGH99fvXT

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    • Target

      $PLUGINSDIR/Utility.dll

    • Size

      66KB

    • MD5

      919e51f9624146563ef6ee90c21f14f3

    • SHA1

      fa492bb48a47dce845c1d392943372a2ea80c4c4

    • SHA256

      e5e100d598b38ec69d74310003648188500dcd82dd26ff3c5c29dd8d47148005

    • SHA512

      1a48bdaef10cbe497782ae694a0174768268326ad9f234fe3fef4eece6ddf811099b90288527c5ff0e6dc0d35d1967931d570b574a80f8d3c5b107845ef83dbc

    • SSDEEP

      768:UQ7+9oCRIIYSvCJd5uWl2L14hxJT+FmLsXbhDHygIriNFndiTW6Gny5wol:i9ovJfdZl2R4yUsLhSgIri/kW6J5w

    Score
    3/10
    • Target

      SecEditCtlHost.SRCB.exe

    • Size

      867KB

    • MD5

      44ead637cdb43208b934a79b0c8e7022

    • SHA1

      404c00d3248b24efbcae7ab0a803e7aea9e70ea5

    • SHA256

      142ad689fb819615de0c3d1eda3a1fb076493753d1698f4f5efbea0ea6eb5762

    • SHA512

      dbdf22e2c1c984a34b86f3142954aa95cdd74e70b6616558b28b0e3d19f7f3e15089f5874394e5dfa1495218a712edf8aab156368b4563b87e0a83051a733f3f

    • SSDEEP

      24576:fG1LFrewSLPT2x3akWGL0fD/KrTJwrnReopYu:fG1hevLe3BY7yJ8goKu

    Score
    3/10
    • Target

      ikmbmfkdkoampbhdaknhonadjaofhhnh/3.2.0.5_0/content.js

    • Size

      1KB

    • MD5

      30d04d48269094b0577097906cb8869c

    • SHA1

      775651d3080702c47fc8212bc248069eb1e37b47

    • SHA256

      2fe907b1304cdeef66cfff2905ce33e606c2fc360e8d4b9edc9cc6b6a71517d2

    • SHA512

      49413b2f798006c27829f4edf2e90a7609e664392697a7c7d2539c8450892b9f0c2d63322438a7061d59ac10372f594e8885ba8937436da7f83c911c473d7b45

    Score
    3/10
    • Target

      ikmbmfkdkoampbhdaknhonadjaofhhnh/3.2.0.5_0/eventPage.js

    • Size

      5KB

    • MD5

      1b87e6e449daaab8f9cea67ee1ac93ff

    • SHA1

      3b2aaaba617c5c7b119b4430e6a56f6ac07cfcbd

    • SHA256

      c90aa9ee174a250f08cfffee91d5fcad36c471134168d5951bad77c843aa849c

    • SHA512

      0c8b3356fc135ea6aad4005c9d0baccb81e7ec27a673b6d90f1093552483fc242f40df8714408c3223c0ff55b18a9f656e5a46790bb67b290090ec20b7046351

    • SSDEEP

      48:XDsRZoSMsZoIMsZo8sZoflpOmMZSLUM6vzvKZxtJ/6VJnAkH6tEOK3BEiAMT3ANu:zkFfYJSAuxtJQnP33p3AhrtES3LE

    Score
    3/10
    • Target

      uninst.exe

    • Size

      859KB

    • MD5

      3fe105c3f3156162d4406f790247efd9

    • SHA1

      c25caa41390c94fde1b3bc3b9c2a78ccb75760c0

    • SHA256

      9fea43e81a1c57df1df2ad5b80f8afbf775c11cda2440e534bb7fd2b24d0d857

    • SHA512

      b1117dbf7d419fc7c0e79c7c757db55ab59c133c1263043633f647dcda8937b5d78cc25d32d9420519e9cb02968681bdec796eb2214d11324a5a99d3b9275c65

    • SSDEEP

      24576:ubyQP0QuzZaSGGoPbBN4ukyRugsfT8UC+:0V+VaSGRB1kyUdfv

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data (Login Data, Cookies, Web Data), which can include saved credentials, cookies and session tokens.

    • Target

      $PLUGINSDIR/CrxInstaller.dll

    • Size

      1.5MB

    • MD5

      b9086dfa9511196d59814b0fb377b09a

    • SHA1

      ec723cd037ec98fc933b3b67a54afb7dd9f8172c

    • SHA256

      a804304dbbeecb815a9b8b90f071fe50ccec50502eb367f86bfc575db1102e85

    • SHA512

      8d847d5096db55ee4744b1091c1cf481069f14e5b3fe4a73e42fff2639b4d520a49341fe1b61f69406b05e5c2d06ff6fc35f1ad73c39844fc3c80b01470411df

    • SSDEEP

      24576:Ff64gx6dClC8MokQ/f6Qi/KgIxyTETKSkegNheT+pZUS+oeZfHV9fvXoa:whFLkCfMKggyTEcJGH99fvXT

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
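
A practitioner who wants to check a host against this report needs the hashes above in a usable form. The following is an added example for this page, not code from the sandbox report or from the sample: it hashes every file under a directory tree, matches SHA256 digests against the values listed above, and flags any Chrome extension directory named after the extension ID in the dropped-file paths (ikmbmfkdkoampbhdaknhonadjaofhhnh). The Chrome profile layout it assumes (User Data/<Profile>/Extensions/<id>/<version>_<n>/) and the sample tree that demo() builds are constructed for illustration; $PLUGINSDIR is the staging directory NSIS installers extract their plugins into.

```python
"""IOC sweep for the artifacts listed in this report.

Added example for this page; not part of the sandbox report or of the sample.
Hashes files under a tree, matches SHA256 digests against the report's values,
and flags a Chrome extension directory named after the dropped extension ID.
The Chrome layout (User Data/<Profile>/Extensions/<id>/<version>_<n>/) and the
tree built by demo() are constructed for illustration.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# SHA256 digests copied from the report, keyed to the file they belong to.
# $PLUGINSDIR is the staging directory NSIS installers extract plugins into.
REPORT_SHA256 = {
    "d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133": "sample",
    "a804304dbbeecb815a9b8b90f071fe50ccec50502eb367f86bfc575db1102e85": "$PLUGINSDIR/CrxInstaller.dll",
    "8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8": "$PLUGINSDIR/System.dll",
    "e5e100d598b38ec69d74310003648188500dcd82dd26ff3c5c29dd8d47148005": "$PLUGINSDIR/Utility.dll",
    "142ad689fb819615de0c3d1eda3a1fb076493753d1698f4f5efbea0ea6eb5762": "SecEditCtlHost.SRCB.exe",
    "2fe907b1304cdeef66cfff2905ce33e606c2fc360e8d4b9edc9cc6b6a71517d2": "content.js",
    "c90aa9ee174a250f08cfffee91d5fcad36c471134168d5951bad77c843aa849c": "eventPage.js",
    "9fea43e81a1c57df1df2ad5b80f8afbf775c11cda2440e534bb7fd2b24d0d857": "uninst.exe",
}
# Chrome extension ID taken from the dropped-file paths in the report.
EXTENSION_ID = "ikmbmfkdkoampbhdaknhonadjaofhhnh"
HASH_NAMES = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data):
    """Return the four digests the report uses, for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_NAMES}


def hash_file(path, chunk_size=1 << 20):
    """Same four digests for a file on disk, streamed so large files need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep(root, ioc_sha256=REPORT_SHA256, extension_id=EXTENSION_ID):
    """Walk root and return (kind, path, label) hits.

    kind is "hash_match" when a file's SHA256 is in the IOC table, or
    "extension_dir" when a directory is named after the dropped extension ID.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if Path(dirpath).name == extension_id:
            hits.append(("extension_dir", dirpath, extension_id))
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:  # unreadable or vanished file: skip it rather than abort the sweep
                continue
            label = ioc_sha256.get(digests["sha256"])
            if label is not None:
                hits.append(("hash_match", path, label))
    return hits


def demo():
    """Run sweep() over a constructed profile-like tree in a temp directory.

    The file bodies are made up, so the stand-in's digest is added to a copy
    of the IOC table to exercise the hash-match path without the real sample.
    Returns hits with paths made relative to the temp root.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        ext_dir = root / "User Data" / "Default" / "Extensions" / EXTENSION_ID / "3.2.0.5_0"
        ext_dir.mkdir(parents=True)
        stand_in = ext_dir / "content.js"
        stand_in.write_bytes(b"// constructed stand-in, not the real content.js\n")
        (root / "benign.txt").write_bytes(b"nothing to see here\n")
        iocs = dict(REPORT_SHA256)
        iocs[hash_bytes(stand_in.read_bytes())["sha256"]] = "constructed content.js"
        return [(kind, os.path.relpath(path, tmp).replace(os.sep, "/"), label)
                for kind, path, label in sweep(tmp, iocs)]


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Point sweep() at a Chrome User Data directory or at the extraction directory of a suspect installer. Matching on SHA256 only is deliberate: MD5 and SHA1 are computed so the output can be cross-checked against the report, but collisions are practical for both, so neither should be the basis for a match on its own.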
