General

  • Target

    PI-windows-x64-01.08.05.1353-20170809-t.exe

  • Size

    233.6MB

  • Sample

    241113-x33hvsxldx

  • MD5

    5de647abf6535d1fafd642e1b5ecbc16

  • SHA1

    e6445186e23577797feaf5cec7ce289e82af74a9

  • SHA256

    f02cafb2bd8c744573f5c3d0b870bef6c3b633132c72809f8ca89fc7e205d0dc

  • SHA512

    cad798b3cfe14784c5e5d99b03fec4bddd3b27664d8a0b10c706c5e2608062e4ace960b4a8b6dc69df307f3b6e8595f6d5bd13525d13e064377eeb60a2c12713

  • SSDEEP

    6291456:b7V7Ynk1babD8+AJbWhmdesQlCDLd+jcKm0Ab5f2f:b7VMisD8TJbwu+jcKhp

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Blocklisted process makes network request

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks