General

  • Target

    577b677b28742b60ebb4509850e317ed9fb0f2d6cbfc906ae86403a1d38d47b3

  • Size

    1.4MB

  • Sample

    220724-13advsadbr

  • MD5

    7d3d1449d6af7280aec5c44bdb1b0a5b

  • SHA1

    5790d8615af5e7208cdc6f2d807ef83cde48e61b

  • SHA256

    577b677b28742b60ebb4509850e317ed9fb0f2d6cbfc906ae86403a1d38d47b3

  • SHA512

    6d3af81dff4872e758dc1063b1ff4fa3a81b5d79c587dae376c86f720adc2d42fc41028749b4ebc727771571f637e7d1c70ccbb94ad2317901bd6bae95d9e954

Malware Config

Targets

    • Target

      577b677b28742b60ebb4509850e317ed9fb0f2d6cbfc906ae86403a1d38d47b3

    • Size

      1.4MB

    • MD5

      7d3d1449d6af7280aec5c44bdb1b0a5b

    • SHA1

      5790d8615af5e7208cdc6f2d807ef83cde48e61b

    • SHA256

      577b677b28742b60ebb4509850e317ed9fb0f2d6cbfc906ae86403a1d38d47b3

    • SHA512

      6d3af81dff4872e758dc1063b1ff4fa3a81b5d79c587dae376c86f720adc2d42fc41028749b4ebc727771571f637e7d1c70ccbb94ad2317901bd6bae95d9e954

    • suricata: ET MALWARE Win32/Kelihos.F Checkin

      suricata: ET MALWARE Win32/Kelihos.F Checkin

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks