General
-
Target
activation.exe
-
Size
13KB
-
Sample
241101-vner5svkbr
-
MD5
f92abba25b704e790d93cb75e30d58f2
-
SHA1
653703511436edb8bd46682e62c8f300828be89d
-
SHA256
adf78868f15f3d05f9dc8146e080d8a5132418b3ec0bcf615841b0dc0a463a90
-
SHA512
56f2d95502fcd296c42d8509f7e803814098c1d7965584d1e91d79ed47dd19d3d873031f06ef9200d14a663ba633958cf0633a3b6940c1d0d801a817cf978c07
-
SSDEEP
384:aFLou1CVtT4YpaT0YmeoZo33hUroJJUSF:8L/QVtTycihUsJJB
Malware Config
Targets
-
-
Target
activation.exe
-
Size
13KB
-
MD5
f92abba25b704e790d93cb75e30d58f2
-
SHA1
653703511436edb8bd46682e62c8f300828be89d
-
SHA256
adf78868f15f3d05f9dc8146e080d8a5132418b3ec0bcf615841b0dc0a463a90
-
SHA512
56f2d95502fcd296c42d8509f7e803814098c1d7965584d1e91d79ed47dd19d3d873031f06ef9200d14a663ba633958cf0633a3b6940c1d0d801a817cf978c07
-
SSDEEP
384:aFLou1CVtT4YpaT0YmeoZo33hUroJJUSF:8L/QVtTycihUsJJB
Score8/10-
Looks for VMWare Tools registry key
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1