General

  • Target

    045391561a3b91524ce03adb59edeaa7861d3d0c37a4ab7dc02d559e899579d9N

  • Size

    1.3MB

  • Sample

    241104-heq3lawhnk

  • MD5

    dda42ac9de8a5b0d6e7b79ec20f9e6d0

  • SHA1

    3cd61729bc16e83ce94b670d99b5aa9585af2e63

  • SHA256

    045391561a3b91524ce03adb59edeaa7861d3d0c37a4ab7dc02d559e899579d9

  • SHA512

    d5be7a374be347db56f689e943aa3d481066c948a947a1537a3b3a608997506469cf3397e15b5d495522c3452e1cfd5574273f177990fd7441c951b1deec0bc3

  • SSDEEP

    12288:GX+poQwy+f7zl7EGhP/nyXjnreHHWVocHLlIAYV0VbkQsYxiLkT3AYwj7Z2TErXX:iDZntnyXguVS/pYbJU7Njd8aPWW6dw4w

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15