General

  • Target

    baa56e574d8deed445d0e58487add9d429d60bbb1b39943c581bcf50e9bd91d6.exe

  • Size

    13.8MB

  • Sample

    241114-xlbzksvqbn

  • MD5

    b6ab13b3b9903bf84327737ba227bab3

  • SHA1

    65dff8665b502ba33f3effb8430263e4f906c1c0

  • SHA256

    baa56e574d8deed445d0e58487add9d429d60bbb1b39943c581bcf50e9bd91d6

  • SHA512

    6f6ec1217e14f96a52cfa314327a09bfe74199fa0a85d94f0bd5381a0af7c96ac26ba8b5506663f76473c0714609c80d58cb86bde73888cfd6ea15060793f5c7

  • SSDEEP

    393216:iV02/4ExIEv64hlETqr+lUjUTRbjrA80VjPmd:iC2/Px/vxgWClU4TtjqVb8

Malware Config

Targets

    • Target

      baa56e574d8deed445d0e58487add9d429d60bbb1b39943c581bcf50e9bd91d6.exe

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Commonly used to redirect execution of a suspended thread in another process, as in process hollowing or thread hijacking.
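
The three credential-store signatures above (WinSCP sessions, browser profile data, Outlook profiles) all reduce to a process touching a handful of well-known registry keys and files. The following is an added example, not part of the sandbox report or any project's code: a small Python detector that classifies Sysmon-style registry/file access events against those locations and flags a process that hits several of them. The event shape, the process names and the events themselves are constructed for the example; the key and file paths are the standard locations WinSCP, Chromium/Firefox and Outlook use.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Artifact locations behind the three credential-store signatures in the report.
# The registry keys and file names are the well-known ones used by WinSCP,
# Chromium/Firefox and Outlook; the rule set itself belongs to this example.
RULES = [
    ("Reads WinSCP keys stored on the system",
     re.compile(r"\\Software\\Martin Prikryl\\WinSCP 2\\Sessions", re.I)),
    ("Reads user/profile data of web browsers",
     re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"
                r"|\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I)),
    ("Accesses Microsoft Outlook profiles",
     re.compile(r"\\Software\\Microsoft\\(Office\\\d+\.\d+\\Outlook"
                r"|Windows Messaging Subsystem)\\Profiles", re.I)),
]

# Browsers legitimately read their own stores; a hit from one of these on
# browser data alone is expected and not reported.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

# Constructed events in a Sysmon-like shape (registry or file target by pid).
# "dropped.exe" is a hypothetical process name, not the sample from the report.
EVENTS = [
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\dropped.exe",
     "target": r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions\prod-sftp"},
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\dropped.exe",
     "target": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\dropped.exe",
     "target": r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json"},
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\dropped.exe",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"pid": 2200, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"pid": 1312, "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]


def classify_event(event):
    """Return the signature names whose artifact pattern matches this event's target."""
    return [name for name, pattern in RULES if pattern.search(event["target"])]


def scan(events):
    """Group signature hits per process: pid -> {"image": ..., "signatures": set()}."""
    hits = defaultdict(lambda: {"image": None, "signatures": set()})
    for ev in events:
        names = classify_event(ev)
        if not names:
            continue
        entry = hits[ev["pid"]]
        entry["image"] = ev["image"]
        entry["signatures"].update(names)
    return dict(hits)


def flag_infostealer_like(events, min_categories=2):
    """Pids that touch credential stores from at least min_categories distinct
    signatures, or any non-browser process that reads browser profile data."""
    flagged = []
    for pid, entry in sorted(scan(events).items()):
        sigs = entry["signatures"]
        image_name = PureWindowsPath(entry["image"]).name.lower()
        browser_only = sigs == {"Reads user/profile data of web browsers"}
        if browser_only and image_name in BROWSER_IMAGES:
            continue  # a browser reading its own profile is expected
        if len(sigs) >= min_categories or browser_only:
            flagged.append(pid)
    return flagged


if __name__ == "__main__":
    for pid, entry in scan(EVENTS).items():
        print(pid, entry["image"], sorted(entry["signatures"]))
    print("flagged:", flag_infostealer_like(EVENTS))
```

On a real host the browser allowlist has to be tightened to signed binaries in their expected install paths, since a dropped binary named chrome.exe would otherwise slip past the browser-only exception; the WinSCP rule should also be extended to WinSCP.ini for installs that store sessions in a file rather than the registry.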

MITRE ATT&CK Enterprise v15