General

  • Target

    f7110b1def06d7380d583ef5902076e986cc1688a1c1f21a5fe8f0576b3a9e4c

  • Size

    4.5MB

  • Sample

    241109-alzpbatamq

  • MD5

    bc34bbf9bbc22725248229de6a153cba

  • SHA1

    764226da9f3fb07c0c78124b7407765a5497d038

  • SHA256

    f7110b1def06d7380d583ef5902076e986cc1688a1c1f21a5fe8f0576b3a9e4c

  • SHA512

    513ce9e9773f55b4c1b34dc4978d3f38dffcef86ac0e078fcb65ae1057a9d225a0a07d66d6e2b041814836a853d9a417bf33ce4b24aecacc280af8333398b47e

  • SSDEEP

    98304:s7RLVCLAzNkR7ff7Nu728XAmVsWGrGKB7z1E5P+KxM/UGscfJdW9L:kRCUgFA2xivLKB7z1E52Kask8L

Malware Config

Targets

    • Target

      client.bin

    • Size

      4.7MB

    • MD5

      30cbe96960eaf1c4eee427b5014db6c9

    • SHA1

      322f4cf4a94c5d63d9f23dad150e35e4337f5a64

    • SHA256

      7f943d80aa07781b55d73dfae0da2f256451ad8d887b9b45971348f18adcf54d

    • SHA512

      c76c38b85d39f16c7d7b74957cca76e18466c49f25623d1f1427bc197d2a5da01f8829cbd9bbd15563e3e81ba64758ba161607bfc72d84990d6153b25d978ec0

    • SSDEEP

      98304:lySJwKh550KM2nFn92DyghSGDiMM0+URlrea8aiXqy2SCf:lFRs2nFs3ie+Sdea8Cf

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks