Resubmissions

14/01/2024, 02:19 UTC

240114-csct8sachp 8

31/12/2023, 19:07 UTC

231231-xsrnlscfdj 8

General

  • Target

    RogueKiller_setup.exe

  • Size

    45.6MB

  • Sample

    231231-xsrnlscfdj

  • MD5

    cfecd53411665143798a57b8986c46dc

  • SHA1

    156213b283a4785cb703faf2cbf5652ef534e36d

  • SHA256

    c6ba4aed326371d060de64f65b0093af955059b75fbe1f07975d9065bb14a459

  • SHA512

    3e2417f5555d692a7ecd9872be83c35f8ef1b0abdae29ea3f75b59902dc8cd762b53bff2ccb768eade33caf0d5977000f8e05d6baa554c93c52353c9d52108f2

  • SSDEEP

    786432:KHrkPtFKzg9pIv/VuicHlALX1hnyRgZBqFZCcOvz/hGkpjbgi7WP7ywDcgiMjizi:KsIz4aVhcqbS4BqFpOvz/tpj8P7yw9Oi

Malware Config

Targets

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks
