General

  • Target

    19869442691.zip

  • Size

    1.5MB

  • Sample

    241113-rtxncsxjcl

  • MD5

    50f75c0e998b4b5e862a8eafb0d48c21

  • SHA1

    05f987bdfb8bf6fe71d185c93fc6792cb4fc6126

  • SHA256

    fd26f76a15c5fabf943fab36a9dafa7f7cf8e1b6ba7df9e8f1a8c32a66a02144

  • SHA512

    5f3271d643939f65e60d8550bdbf884ecea6ea87212cfc37eacd0202dda4a8d2bc1691ba96df7de6ba96229344547ae465f5afa250cd42c2e0877d23184b06cf

  • SSDEEP

    49152:dngWVP7aaSyaXK/jwck8mnDTSxBT2G/2aNv0e:OWtOyaXKbdk8mKB2aGe

Malware Config

Targets

    • Target

      ef076834e4ea6c21f03c61039adfaaa7cb2628c84a490e90146f15283281b7d5

    • Size

      2.7MB

    • MD5

      3a4bbfa7a1cc6fba3a9f9943a7bc7539

    • SHA1

      bd55e8ffcd508e62070a5bf43d678863dd4696cc

    • SHA256

      ef076834e4ea6c21f03c61039adfaaa7cb2628c84a490e90146f15283281b7d5

    • SHA512

      0a6b76d924ebe9e413fc7c6df1fcaeee7e337244200b42e995909fc4778d6f99081721acc60ab00613570541fbfccb0ac578456ad122a2a7ec698dee36459352

    • SSDEEP

      49152:dt0WJo6iw2+BCBhyGDz7cep+/Cz3ddQn0xIpxg2Wv9SJu3DH3FrzWZH3FrzWe:gQi2E9KidQn0xIpxg2Wv9D3FrCl3FrCe

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks