General

  • Target

    c1e76af376454bab05e44634ca4e017e7607e41c9df6e067162d28064a1c7cd6

  • Size

    145KB

  • Sample

    241123-dx4desxkhv

  • MD5

    913458a5e9eb4026c62609375b534227

  • SHA1

    9739ae38effef090b3b558531e01bf2252bd018f

  • SHA256

    c1e76af376454bab05e44634ca4e017e7607e41c9df6e067162d28064a1c7cd6

  • SHA512

    5b653989cafdbd586216ccd11d243001b066b044df93478f574577f170b72a84b3831c89933c023ac458d8c2d4fb2fe4cdfcac0608806258150c3df101a79275

  • SSDEEP

    1536:DzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDXcl74OOjAp31AyNpCSV6O9xv2T:cqJogYkcSNm9V7DG98YlXjCSV6O9R2T

Malware Config

Targets

    • Target

      c1e76af376454bab05e44634ca4e017e7607e41c9df6e067162d28064a1c7cd6

    • Size

      145KB

    • MD5

      913458a5e9eb4026c62609375b534227

    • SHA1

      9739ae38effef090b3b558531e01bf2252bd018f

    • SHA256

      c1e76af376454bab05e44634ca4e017e7607e41c9df6e067162d28064a1c7cd6

    • SHA512

      5b653989cafdbd586216ccd11d243001b066b044df93478f574577f170b72a84b3831c89933c023ac458d8c2d4fb2fe4cdfcac0608806258150c3df101a79275

    • SSDEEP

      1536:DzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDXcl74OOjAp31AyNpCSV6O9xv2T:cqJogYkcSNm9V7DG98YlXjCSV6O9R2T

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks