General

  • Target: 3ee6e5cab8762ec2cac26640e91c868d9e71dc6a065b0fdad27f68523abb1851N.exe
  • Size: 1.3MB
  • Sample: 241112-vd32zswjgz
  • MD5: 39b998dba520e733a3441f01f42a5bb0
  • SHA1: 57675599c96f94d82056178520456d9e71beea87
  • SHA256: 3ee6e5cab8762ec2cac26640e91c868d9e71dc6a065b0fdad27f68523abb1851
  • SHA512: 9777597328e1f6d210d2457c51a3a1927b411f2a5bdc7f69e902db9008fb9cd59c109ce20ead94230bddb280b894cc69f57b1a387512276651ed344aed9edeac
  • SSDEEP: 24576:O3Off5wLWJPXkPLe9SWkUWCAKSeRJJ6IDoh9GM64zxz3m:pfhd2/6WCZrtlWGM64h3m

Malware Config

Targets

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs like FileZilla.
    • Reads local data of messenger clients
      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Unsecured Credentials: Credentials In Files
      Steals credentials from unsecured files.

MITRE ATT&CK Enterprise v15

Tasks