General

  • Target

    593995d24730f261cde9c772b7fddbbc57b02d36418905ba7a95b78609d4a258.exe

  • Size

    560KB

  • Sample

    241107-pzqqwssejh

  • MD5

    c07d7ac8fc011dbb3afba52fcace0f3e

  • SHA1

    6ed0fe0a21e673e9df713e7724b74e7e499d4adc

  • SHA256

    593995d24730f261cde9c772b7fddbbc57b02d36418905ba7a95b78609d4a258

  • SHA512

    4a28aa6d074481a7d284f712b082280a68979363bcf11287d5fe60dad939f49a050d2b9153c05873e128b6d44cc6cdefeab9f4784f15dc11923d2c78361d7901

  • SSDEEP

    12288:SCfiaVM5GHMoVZYL0VCFQYAAA22zQ5I/slShaMZucL7kx:SYiJ5kVZglAB22zQ56LjG

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
