General
-
Target
sample
-
Size
18KB
-
Sample
241120-x2xwzswndj
-
MD5
2111680fee2c128b700237325a3c495d
-
SHA1
1be4fe6da918c1fd66228ed68e5499359faf9b00
-
SHA256
ae97c237390f8a2c052f46ecd8a650c296bef4a90371350b0d391bd7b5c90c35
-
SHA512
7af6a268834b85ec5aabd10680751b17f0b889322816f56267c18a9f1e4aa9e91fb1e3f1cec783d3458134b7270a645bf73c4c41d13601f02295fc73c4c5c96b
-
SSDEEP
384:kV1ocy4yoJ4lbGafMvhpNboTlJKRlObz6r0sZmL2fN1xCejiw:C1ocy4yoCEakJpNETNbz6r0sZmLULxPF
Malware Config
Targets
-
-
Target
sample
-
Size
18KB
-
MD5
2111680fee2c128b700237325a3c495d
-
SHA1
1be4fe6da918c1fd66228ed68e5499359faf9b00
-
SHA256
ae97c237390f8a2c052f46ecd8a650c296bef4a90371350b0d391bd7b5c90c35
-
SHA512
7af6a268834b85ec5aabd10680751b17f0b889322816f56267c18a9f1e4aa9e91fb1e3f1cec783d3458134b7270a645bf73c4c41d13601f02295fc73c4c5c96b
-
SSDEEP
384:kV1ocy4yoJ4lbGafMvhpNboTlJKRlObz6r0sZmL2fN1xCejiw:C1ocy4yoCEakJpNETNbz6r0sZmLULxPF
Score8/10-
Downloads MZ/PE file
-
A potential corporate email address has been identified in the URL: web-vitals@3
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Mark of the Web detected: This indicates that the page was originally saved or cloned.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1