General

  • Target

    PAP46E1UkZ.exe

  • Size

    17.0MB

  • Sample

    241112-p81bpawndk

  • MD5

    7e7f847852a496950c77e1447db6707f

  • SHA1

    d61640d53fc5bb541b21cfe47c73783a742096af

  • SHA256

    5016c0cc22b287f5d5e87f0edb0983c1fd3dc186afdb0e65348840dbad164904

  • SHA512

    9ac0fb19500dda91c3aab9637dc79066987129605885a5c3c0e89d0919bf0c486f0ad1446119f716395a2a7d37157c33b7027823f072a0e888353b3905036e2c

  • SSDEEP

    393216:k9Yibm3W8kyFDfDg6c6Wz19PHE3+d9OUFwN1so:k9YibyW8DFb0VTz1RkOd9p6Ao

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs commands via powershell.exe.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15