General
- Target: ActSet.zip
- Size: 3.9MB
- Sample: 241101-vtmd6s1pf1
- MD5: 34712bf9567002cc3cf87f9084bae49d
- SHA1: e06626c9e095bd6c70dd0e81bc3ba3269edc030c
- SHA256: b8711832d2e999b1228be5a26010732b753512b9351ceb1d27f7dd5ee36115bf
- SHA512: 6b12b7e3eba8cbefeda729fb185388f4f2a8fab53aaeadc179507f8d70f2a8a63a6f306131c5d370583ba12ec2eaafefc9d892ddec79a0929df53582b95e7400
- SSDEEP: 98304:JeEzDgl5hDh/JbuepMrMPvffus6dQWi0bh0XG:8EzDgl7l/4epMrMXt6dQWGG
Static task: static1
Behavioral task: behavioral1
Sample: ActSet.exe
Resource: win7-20240903-en
Malware Config
Targets
- Target: ActSet.exe
- Size: 650.0MB
- MD5: 5d154e54427fc951508fcb8225260eeb
- SHA1: 02ef7db12f07ac919823a765c35bef0a0ac777cb
- SHA256: 62c435de1dd3657a0d2203948aa79de68432ee59b632574f571211acf3520b37
- SHA512: 211a11b84aa9e64e3ea25782c4b4eb0ce48842b98262c03be1b2de705386e04e02b49ba61680e624a0216cd863cef48f3793c301825f29cb9260eeafb454ed87
- SSDEEP: 49152:CeNzxKvAI/KnCAjFN2DOjwJHJdVLD4+04p+cn0Jmc9gqSsOp4MQ+FnFrMR5:DCA34pfBGgqSsOV
- Looks for VMWare Tools registry key
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 1
- Credentials In Files: 1