General

  • Target

    5433c04586cf1ffbacad3b5cb1ed5694f0185035823a582b68adc6020c4c779a

  • Size

    133KB

  • Sample

    241108-2trr8atrfm

  • MD5

    0356b7bb07355265f73cbb010ae45041

  • SHA1

    9223d100e366a21ae395c9a7b64b13ddb236c389

  • SHA256

    5433c04586cf1ffbacad3b5cb1ed5694f0185035823a582b68adc6020c4c779a

  • SHA512

    9d5b7177b162135338946ba1bb90d264c646e799c7980f9355973585a73d94010a95b2f8704293d60919639bb142ae7a66205bb1c2927b88b52ff1b4c9a1ea43

  • SSDEEP

    1536:qpO1Ek93yAgfSQUVmHNnPJNAa37I1OcLLDF+2fqzQBZ0+7Pyry4xdWrY9omQ:KkAbf7NN3QL9HxEMIHv6Yc

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Disables RegEdit via registry modification

    • Event Triggered Execution: Image File Execution Options Injection

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks