General

  • Target: a8792f56e1551e5d640be438830297e1e8a2503201e8b41062d4e2ba99131fd9
  • Size: 1.4MB
  • Sample: 241111-g1kbhaxrap
  • MD5: 01258eaa51c084ea92b1d48312e06146
  • SHA1: 274d0e2a86fcadb7409e1d442cc5824067e92708
  • SHA256: a8792f56e1551e5d640be438830297e1e8a2503201e8b41062d4e2ba99131fd9
  • SHA512: b4467cec707bc6e0c9df4fa6b2ec57551f33a279044af9d1ff0546520b0b97aaa30d858c41908146dc983521689ef48e8649eaa5197cb219da006f9fbbf1a1fa
  • SSDEEP: 24576:DA47OY0YbK49/8PMc9ttisJ9cwlCTZHCPDyVMxAvSUIqBfPuEtoSW1gYULYtNxXp:UC3P2JJ9ttvJoHfVMxAzBfmEaOYULwND

Malware Config

Targets

    • Target: Setup.exe
    • Size: 1.6MB
    • MD5: ce6eaa52767b2df78b34519231966588
    • SHA1: ab32d09951189022a1a39e9204ec9ce2926b3fcf
    • SHA256: 40924781ba072ea88bd7cad3f6d2a48e87f370e1c1ee334a3415dd26b5ea17e5
    • SHA512: 36a09fe704823d6db5d0982d761ba1976c940b82b7c1ca650627d66e16b420612b78c761f2ed00e533453eeb2dd7e431cf47b0c2cf826354aa6e779fda531067
    • SSDEEP: 24576:Kqahn0IQ3i57AmG8W7+IZ0nwwoNR2+uBL8hxCMcIYwTxKAyuxCQyD2uG8wT5ngZx:KasHPBQxC/wTW2owTdIfpSKc

    • Modifies Windows Defender Real-time Protection settings

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Target: rkill.exe
    • Size: 1.7MB
    • MD5: 6d622dcc87edc9a7b10d35372ade816b
    • SHA1: 47d98825b03c507b85dec02a2297e03ebc925f30
    • SHA256: d4ac5b3c525a5fd94019d80ff81b552e73b19b1bd0a554b9609cdd5e1b00955a
    • SHA512: ed06f872a7c66ffeeb8cb8f6fedca06ccabf623f9cd188c4c7105428e8d6521ef8da0bac0564e14d2da914d2846369a9c04577a8cf7fb80cb62831e5497f2a58
    • SSDEEP: 49152:KpEsgw14kZV2HXsMnmjEREseBSsxHnfXsrHYi2Yijig:0wYJYW

    • Drops a file in the Drivers directory

MITRE ATT&CK Enterprise v15

Tasks