General

  • Target

    Archive.zip

  • Size

    31.0MB

  • Sample

    250119-wdhlqaymfs

  • MD5

    7c44108772263524b76537edd36402fa

  • SHA1

    7a32293033878a09e6e1762a62fe1c75756a42fc

  • SHA256

    c92ecc71e8edc4a226441f5af825bb37c4acd3066a9edd2957b9345609afa85a

  • SHA512

    0c61d323cbbc732cab20fecac73976b0cbdc7f99f08570645080782ad4d07dcb0415822f489abc35a7adbbb3bceaffd787f53a48193e6417e862623dfb25af67

  • SSDEEP

    786432:8YeDWQP7D4wUVuZX0hqFY9T3VtiLRo9279jltCuVnj:8ZWQP78HVuZX0hqFY9bVk1o927DtC6j

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks