General

  • Target

    OperaGXSetup.exe

  • Size

    3.2MB

  • Sample

    240205-nelqrsgdgj

  • MD5

    24c1ed4a6804f1bd744a90ce134d93ae

  • SHA1

    176a735f411b1629d2b8aa060925cbd8bb7f040b

  • SHA256

    bc57196e3f7298c2825d20f54253c50e3d6a53f11b16e14bb329d25fc0cb9ecd

  • SHA512

    4d0b0dc303ae351f524114cb040dc02fc3973583a70695d484bba536a01c2c5bfd85dc21ef25d81a8083984b7e971e5c1a45ad5c0167de6a18d4c948965798f7

  • SSDEEP

    98304:QknNXrW/do46OjQl1GwZOaAGWTpzrBlyWnrHzEBY7GVA:QUW/dk4QvIr/laY7GVA

Malware Config

Targets

    • Target

      OperaGXSetup.exe

    • Size

      3.2MB

    • MD5

      24c1ed4a6804f1bd744a90ce134d93ae

    • SHA1

      176a735f411b1629d2b8aa060925cbd8bb7f040b

    • SHA256

      bc57196e3f7298c2825d20f54253c50e3d6a53f11b16e14bb329d25fc0cb9ecd

    • SHA512

      4d0b0dc303ae351f524114cb040dc02fc3973583a70695d484bba536a01c2c5bfd85dc21ef25d81a8083984b7e971e5c1a45ad5c0167de6a18d4c948965798f7

    • SSDEEP

      98304:QknNXrW/do46OjQl1GwZOaAGWTpzrBlyWnrHzEBY7GVA:QUW/dk4QvIr/laY7GVA

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks