General

  • Target

    3ac5f99224a92851c80fe4178fff6002.bin

  • Size

    23.5MB

  • Sample

    241112-bgrcta1epm

  • MD5

    1431b8a2af01c79c2666ed55e39ca9c5

  • SHA1

    0f017456cb457b536e7d9390a31dba13ae471152

  • SHA256

    03494c58a3c7baff5daa3970c28ee750ed7e5949e83be67a0780e95e0f7547d4

  • SHA512

    9d808aa6a5033ffe5cec03ac596bc50c8b9c6a0ed7e271e0b81c5b219ff90d25afb99248d7d32a093781fac7bfe2c20ed2bbc5636a6f967a07058cc31e46e59a

  • SSDEEP

    393216:CJzJWwDjX6Fw6fd/RwL2eic+0OKszo2GhkPt1Q9BrWUhv9VVDIIEvgxvV:C1E+jOnRRDZlBzV/t1QLKaviIEvgj

Malware Config

Targets

    • Target

      a21cd46fbedb13199e3675a4ee14af9914547d237342fca0c8cd8022a7888363.exe

    • Size

      23.7MB

    • MD5

      3ac5f99224a92851c80fe4178fff6002

    • SHA1

      20eae332be7470533009e2a0f28412463acb1f06

    • SHA256

      a21cd46fbedb13199e3675a4ee14af9914547d237342fca0c8cd8022a7888363

    • SHA512

      273ac0822ed0aae191333df6ebfca136e7dd87a910b11343fffefd96b37f2f4d25824a1e5f7708e01bf8bd19466b9a0bab2437b21a672e2e846ad6c3e6b3dcab

    • SSDEEP

      393216:oAZ/msYXMrZme4GaBWbBFcCdq1auXYKKJo1/uG8IQKqSgjqgeMW5+74:oAZ/mlXKZmWaYFqoBo1uG8N/jReMD4

    • Command and Scripting Interpreter: PowerShell

      Spawns powershell.exe to run commands (ATT&CK T1059.001).

    • Checks computer location settings

      Queries the country code stored in the registry (typically HKCU\Control Panel\International\Geo\Nation); this is a common geofencing check that lets the sample refuse to run in certain regions.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Reads browser profile data. Infostealers commonly target stored browser data such as saved credentials, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files

      Reads credentials stored in plaintext or weakly protected files on disk (ATT&CK T1552.001).

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Queries a legitimate public IP lookup service to learn the infected system's external IP address.

    • Enumerates processes with tasklist

    • UPX packed file

      The executable is packed with UPX or a modified UPX (an open-source packer); unpack it before static analysis, since strings and imports are hidden until then.
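
The behaviours listed above are the kind of thing a triage script reconstructs from a sandbox's raw event stream. The following Python is an added example for this page, not the sandbox's own signature engine: it runs simple regex rules over a constructed set of events (the paths, hostnames and registry key are assumptions chosen to exercise each rule, not observations from this sample) and reports which of the signature names above fire, together with the ATT&CK IDs for the two signatures whose names spell out a technique.

```python
"""Map sandbox-style behaviour events to the signature names used in the
report above. Added illustrative code for this page; it is not the sandbox's
own detection engine, and the events below are constructed, not taken from
the analysed sample."""
import re
from typing import Dict, List, Tuple

Event = Tuple[str, str, str]  # (event_type, subject, detail)

# Constructed events in the shape a sandbox might emit for the behaviours
# listed in the report. Paths and hostnames are illustrative assumptions.
SAMPLE_EVENTS: List[Event] = [
    ("process", "sample.exe", "cmd.exe /c powershell.exe -NoProfile -Command Get-Date"),
    ("registry", r"HKCU\Control Panel\International\Geo\Nation", "query"),
    ("file", r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk", "write"),
    ("file", r"C:\Users\u\AppData\Local\Temp\svc.exe", "execute"),
    ("file", r"C:\Users\u\AppData\Local\Temp\helper.dll", "load"),
    ("file", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data", "read"),
    ("file", r"C:\Users\u\Documents\passwords.txt", "read"),
    ("file", r"C:\Users\u\AppData\Roaming\Bitcoin\wallet.dat", "read"),
    ("network", "api.ipify.org", "GET /"),
    ("process", "sample.exe", "tasklist /v"),
    ("file", r"C:\Windows\System32\kernel32.dll", "read"),  # benign noise, matches nothing
]

# Each rule: (signature name as it appears in the report, event type,
# case-insensitive regex applied to "subject detail"). The file names and
# hosts are common infostealer targets and are assumptions for this example.
RULES: List[Tuple[str, str, str]] = [
    ("Command and Scripting Interpreter: PowerShell", "process",
     r"\bpowershell(\.exe)?\b"),
    ("Checks computer location settings", "registry",
     r"control panel\\international\\geo\\nation"),
    ("Drops startup file", "file",
     r"\\start menu\\programs\\startup\\.+ write$"),
    ("Executes dropped EXE", "file",
     r"\\appdata\\local\\temp\\[^\\]+\.exe execute$"),
    ("Loads dropped DLL", "file",
     r"\\appdata\\local\\temp\\[^\\]+\.dll load$"),
    ("Reads user/profile data of web browsers", "file",
     r"\\(login data|cookies|web data|logins\.json) read$"),
    ("Unsecured Credentials: Credentials In Files", "file",
     r"\\[^\\]*(passw|credential)[^\\]*\.(txt|docx?|xlsx?) read$"),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting", "file",
     r"wallet\.dat read$"),
    ("Looks up external IP address via web service", "network",
     r"^(api\.ipify\.org|ip-api\.com|icanhazip\.com)\b"),
    ("Enumerates processes with tasklist", "process",
     r"\btasklist(\.exe)?\b"),
]

# Technique IDs that the report's signature names spell out (ATT&CK Enterprise).
ATTACK_IDS = {
    "Command and Scripting Interpreter: PowerShell": "T1059.001",
    "Unsecured Credentials: Credentials In Files": "T1552.001",
}


def match_signatures(events: List[Event]) -> Dict[str, List[Event]]:
    """Return {signature name: [matching events]} for every rule that fires."""
    hits: Dict[str, List[Event]] = {}
    for name, etype, pattern in RULES:
        rx = re.compile(pattern, re.IGNORECASE)
        for ev in events:
            if ev[0] == etype and rx.search(f"{ev[1]} {ev[2]}"):
                hits.setdefault(name, []).append(ev)
    return hits


def attack_techniques(hits: Dict[str, List[Event]]) -> List[str]:
    """Sorted ATT&CK IDs for matched signatures that have a known mapping."""
    return sorted({ATTACK_IDS[n] for n in hits if n in ATTACK_IDS})


if __name__ == "__main__":
    found = match_signatures(SAMPLE_EVENTS)
    for name, evs in found.items():
        print(f"{name}: {len(evs)} event(s)")
    print("ATT&CK:", ", ".join(attack_techniques(found)))
```

Rules key on the event type first and only then on the text, so a registry path appearing inside a command line does not trip the registry rule; the benign kernel32.dll read is there to show that ordinary activity produces no hit. Real sandbox signatures are richer (process ancestry, timing, API arguments), but the shape is the same: a behaviour name, an event source, and a predicate.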

MITRE ATT&CK Enterprise v15

Tasks