General

  • Target

    8032da9c35a71beb5a5593ef71b2dfe8d6a7096c5b2a4d5e09e9468a4301c98b

  • Size

    28KB

  • Sample

    241109-3yjsvaxpfk

  • MD5

    fc7028093f5b39048ecff77e49c0da2c

  • SHA1

    d9f1a1e4c77205dc444d47a5ffb37cce725350c5

  • SHA256

    8032da9c35a71beb5a5593ef71b2dfe8d6a7096c5b2a4d5e09e9468a4301c98b

  • SHA512

    260b5e123aff13f0ad6c13fb3536ae9fd4993181c00c85d813f99308ea83530b164a9bd5b4c733bdb1f19d9539b0dd13d2bfa92dbfac1c176e61a72402d8b458

  • SSDEEP

    768:VOsOe+vfOM3ofGgTkqwsWQdNEgfavRVorMB75:VOsOeEO0FraavvT

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks