General

  • Target

    abe7cc92554b2defc6c336d5cafabe798f1f6c75076ccce897d6337fdbc42fd5.exe

  • Size

    10.6MB

  • Sample

    241114-xktg8ssbjq

  • MD5

    467e95c9a46987552925c47bc7b38916

  • SHA1

    3732116b8ef5ee6094ea49a0658dcb7a7adb2634

  • SHA256

    abe7cc92554b2defc6c336d5cafabe798f1f6c75076ccce897d6337fdbc42fd5

  • SHA512

    f79659b65bd565785c6ae5ac442a8e5c016cbda9968eea7267a7d281f13cfe04f6228e3e311a0ae7f7848d9e0e407cefc16001cd28bd7e631414d5bd206695b7

  • SSDEEP

    196608:FppMHcmWuVIdrgeXoNY9kRsYuXZx7bbWtKm2eRe2tfny7NY+Uvl7a9tJJwZ4OZ7c:Fppky+IJX9kIOATpYtl7a9ZwZBZY

Malware Config

Targets

    • Target

      abe7cc92554b2defc6c336d5cafabe798f1f6c75076ccce897d6337fdbc42fd5.exe

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks