General

  • Target

    1ccfd551c7a5b7f1505518cf9c6025345df10c2efae174ba82405d8e98b3fa20N

  • Size

    517KB

  • Sample

    241103-sn27bswpct

  • MD5

    9f24bfee14b2d23fd4fda2da76961c80

  • SHA1

    b2bc1eb33d7caabdbb50a947ab4b619feba47966

  • SHA256

    1ccfd551c7a5b7f1505518cf9c6025345df10c2efae174ba82405d8e98b3fa20

  • SHA512

    000f1d04b77336a876ffeea9cd3f4ac45619333b23cd40fefbf6761a82864695ee648bad67f3d7752b000d21f9743d51ff2bd2e4c3a153181d3b2d7b5601b0ba

  • SSDEEP

    12288:4MfzuguRK82MN7PfEwGok3AoG06vQXfBDkWeDvkfk/:4sIRK8X7PfEwmwIzD4x

Malware Config

Targets

    • Target

      1ccfd551c7a5b7f1505518cf9c6025345df10c2efae174ba82405d8e98b3fa20N

    • Size

      517KB

    • MD5

      9f24bfee14b2d23fd4fda2da76961c80

    • SHA1

      b2bc1eb33d7caabdbb50a947ab4b619feba47966

    • SHA256

      1ccfd551c7a5b7f1505518cf9c6025345df10c2efae174ba82405d8e98b3fa20

    • SHA512

      000f1d04b77336a876ffeea9cd3f4ac45619333b23cd40fefbf6761a82864695ee648bad67f3d7752b000d21f9743d51ff2bd2e4c3a153181d3b2d7b5601b0ba

    • SSDEEP

      12288:4MfzuguRK82MN7PfEwGok3AoG06vQXfBDkWeDvkfk/:4sIRK8X7PfEwmwIzD4x

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks