General
-
Target
1012ea9a9ad53ff3438058366404771c7995b404a6cf0a074f7f4f5b296b0612N
-
Size
1.5MB
-
Sample
241109-y35tnatqfn
-
MD5
92dcd66c5fa28c908374a51a47f82280
-
SHA1
3d4c2cdc87b7241db6b3f89d051ce095fba4c49e
-
SHA256
1012ea9a9ad53ff3438058366404771c7995b404a6cf0a074f7f4f5b296b0612
-
SHA512
b5b30f565f0707826e0e3cb51043411a6fd61e858eb87f719d8d46cf5e758cb40c7b7e1e7a106dba23effc1417e9739245d5a5e4539bc9ddef8691a801ba6f6a
-
SSDEEP
49152:rN2oCWRDIA4CRMT9B0jr4LpylrDEpdmEySStuPP8llijP:rNl4Cm2P4LpmAjySoWUlliT
Malware Config
Targets
-
-
Target
1012ea9a9ad53ff3438058366404771c7995b404a6cf0a074f7f4f5b296b0612N
-
Size
1.5MB
-
MD5
92dcd66c5fa28c908374a51a47f82280
-
SHA1
3d4c2cdc87b7241db6b3f89d051ce095fba4c49e
-
SHA256
1012ea9a9ad53ff3438058366404771c7995b404a6cf0a074f7f4f5b296b0612
-
SHA512
b5b30f565f0707826e0e3cb51043411a6fd61e858eb87f719d8d46cf5e758cb40c7b7e1e7a106dba23effc1417e9739245d5a5e4539bc9ddef8691a801ba6f6a
-
SSDEEP
49152:rN2oCWRDIA4CRMT9B0jr4LpylrDEpdmEySStuPP8llijP:rNl4Cm2P4LpmAjySoWUlliT
Score7/10-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
MITRE ATT&CK Enterprise v15
Persistence
Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1