General
-
Target
3cd4736e078626a00f2c36d6e5f09a1c.exe
-
Size
556KB
-
Sample
240106-mescwaehb2
-
MD5
3cd4736e078626a00f2c36d6e5f09a1c
-
SHA1
f7fddc294a13c78d12730dd1f4ee8c49055d1379
-
SHA256
3a7be50f09bf3dd2a494aae3c79c938cfb70c77b348dab82737f8d783e49193a
-
SHA512
e80e12af806220aed99a0dfa17d76ed35f05f174fe9e9b3ce5500fb80b0fa3379e507af133e644cf122397e1c83b76535d010ce7bfe005fb810dd66528e23e3e
-
SSDEEP
12288:07Lo8Rs90X41cnOOWB2KpyYK4BVqZDx2mpmHPW9GROsI8w:07L1yMgcnOds44Fp2PWUDI8
Malware Config
Targets
-
-
Target
3cd4736e078626a00f2c36d6e5f09a1c.exe
-
Size
556KB
-
MD5
3cd4736e078626a00f2c36d6e5f09a1c
-
SHA1
f7fddc294a13c78d12730dd1f4ee8c49055d1379
-
SHA256
3a7be50f09bf3dd2a494aae3c79c938cfb70c77b348dab82737f8d783e49193a
-
SHA512
e80e12af806220aed99a0dfa17d76ed35f05f174fe9e9b3ce5500fb80b0fa3379e507af133e644cf122397e1c83b76535d010ce7bfe005fb810dd66528e23e3e
-
SSDEEP
12288:07Lo8Rs90X41cnOOWB2KpyYK4BVqZDx2mpmHPW9GROsI8w:07L1yMgcnOds44Fp2PWUDI8
Score10/10-
Modifies WinLogon for persistence
-
Modifies visiblity of hidden/system files in Explorer
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
3