Resubmissions
13/03/2024, 11:40
240313-nst93adh28 7General
-
Target
sample_J3.EXE
-
Size
1.7MB
-
Sample
240313-nst93adh28
-
MD5
17dbc1e3d9a3fa0039d0ad6f95dae05d
-
SHA1
18f13b78cb94661f643fd239c15ce707067c489b
-
SHA256
1b6a5a493307c03e4a57f63db56fdd71af14b3fc45656d433c6675d7472c115a
-
SHA512
6767362c778c784863c446c4b7b1d197b0f915ff32c07de82062462a0274f671f61b6cc400e11f81d0e4e2d8e13a47a045d5917d3e88dec27c9ed232dd1a7984
-
SSDEEP
49152:23UGYQHBlWm04PTvIqyvMJZMt4EhAxaQ6i2:6UMlw4P7WEfaQ6/
Malware Config
Targets
-
-
Target
sample_J3.EXE
-
Size
1.7MB
-
MD5
17dbc1e3d9a3fa0039d0ad6f95dae05d
-
SHA1
18f13b78cb94661f643fd239c15ce707067c489b
-
SHA256
1b6a5a493307c03e4a57f63db56fdd71af14b3fc45656d433c6675d7472c115a
-
SHA512
6767362c778c784863c446c4b7b1d197b0f915ff32c07de82062462a0274f671f61b6cc400e11f81d0e4e2d8e13a47a045d5917d3e88dec27c9ed232dd1a7984
-
SSDEEP
49152:23UGYQHBlWm04PTvIqyvMJZMt4EhAxaQ6i2:6UMlw4P7WEfaQ6/
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1