General

  • Target

    c7e3f4066bbe690721c689ac5ba20c501cc6c4044cca40e1839834570d8dc0c8

  • Size

    7.9MB

  • Sample

    241113-zlbpxsyfnh

  • MD5

    a2f20dd78d65d42ccf1c39d429e3952b

  • SHA1

    8587417f64458fd5e85d402606af74462e3afae2

  • SHA256

    c7e3f4066bbe690721c689ac5ba20c501cc6c4044cca40e1839834570d8dc0c8

  • SHA512

    f0c1338b1b5a211502402a62a6ae9a6c72e9b96bcb26f4154a05fcf75e836ac4773f80e7ca3fbe0f027528b4727ea674b44366357688cbca787ebee4cfafd674

  • SSDEEP

    98304:Kg49ZaYwsmJdj9PfPHXCjNTEY9xFUkcVwNSHfbv/kOIhThw6Q1f+hl/hjY4+iaf7:KgP94NTx9Pe20/zkOiu1f+79YR0k

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the sample only runs (or refuses to run) in certain regions.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and session tokens.

    • Legitimate hosting services abused for malware hosting/C2

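The following is an added triage helper, not part of the sandbox report or the vendor's tooling. It verifies that a retrieved file actually matches the digests listed above, checks whether a downloaded blob is an MZ/PE file (the "Downloads MZ/PE file" signature), and flags reads of browser credential stores by anything other than the browser itself (the "Reads user/profile data of web browsers" signature). The digest values are copied from the report; the browser file names, process names and the sample event list are typical values assumed for illustration, not data from this analysis.

```python
"""Triage helper for the sandbox report above (added example, not the
report's or the sandbox vendor's own code)."""
import hashlib
import ntpath
import struct

# Digests copied from the report's General section.
REPORTED = {
    "md5": "a2f20dd78d65d42ccf1c39d429e3952b",
    "sha1": "8587417f64458fd5e85d402606af74462e3afae2",
    "sha256": "c7e3f4066bbe690721c689ac5ba20c501cc6c4044cca40e1839834570d8dc0c8",
    "sha512": "f0c1338b1b5a211502402a62a6ae9a6c72e9b96bcb26f4154a05fcf75e836ac4"
              "773f80e7ca3fbe0f027528b4727ea674b44366357688cbca787ebee4cfafd674",
}


def digests(data: bytes) -> dict:
    """Compute the four cryptographic digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """True only if every reported digest matches; one mismatch means this is
    not the analysed file (or the report was transcribed incorrectly)."""
    actual = digests(data)
    return all(actual[name] == value.lower() for name, value in reported.items())


def is_mz_pe(blob: bytes) -> bool:
    """True if blob has a DOS 'MZ' stub whose e_lfanew (offset 0x3C) points at
    a 'PE\\0\\0' signature inside the buffer, i.e. what the
    'Downloads MZ/PE file' signature looks for."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    # Reject an e_lfanew that points outside the buffer (truncated download
    # or a corrupt stub) instead of raising on a short slice.
    if e_lfanew + 4 > len(blob):
        return False
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def build_minimal_mz_pe() -> bytes:
    """Constructed test input: a 0x80-byte buffer with an MZ stub and a PE
    signature at offset 0x40. No real headers follow; enough for the check."""
    buf = bytearray(0x80)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


# Assumed (typical) browser credential-store file names and browser images;
# adjust for the browsers present in your environment.
BROWSER_DATA_FILES = {"login data", "cookies", "web data",
                      "logins.json", "key4.db", "cookies.sqlite"}
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}


def suspicious_browser_reads(events):
    """events: iterable of (process_image, target_path) file-access records,
    e.g. from Sysmon or an EDR. Returns (process_name, path) for every read of
    a browser credential store by a process that is not the browser."""
    hits = []
    for image, path in events:
        proc = ntpath.basename(image).lower()
        name = ntpath.basename(path).lower()
        if name in BROWSER_DATA_FILES and proc not in BROWSER_PROCESSES:
            hits.append((proc, path))
    return hits


# Constructed sample events: a dropped update.exe in %TEMP% touching Chrome
# and Firefox credential stores, plus two benign accesses.
SAMPLE_EVENTS = [
    (r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (r"C:\Users\alice\AppData\Local\Temp\update.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (r"C:\Users\alice\AppData\Local\Temp\update.exe",
     r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"),
    (r"C:\Windows\explorer.exe", r"C:\Users\alice\Documents\notes.txt"),
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
        print("matches report:", matches_report(sample))
        print("MZ/PE:", is_mz_pe(sample))
    for proc, path in suspicious_browser_reads(SAMPLE_EVENTS):
        print(f"browser data read by non-browser: {proc} -> {path}")
```

Run it with the path to the retrieved sample to confirm you are analysing the file the report describes; the SSDEEP value is not checked here because fuzzy hashing needs the separate `ssdeep` library. The event scan is intentionally path-based and will not see an in-memory copy of the credential database, so treat it as a first-pass filter rather than a complete detection.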
MITRE ATT&CK Enterprise v15

Tasks