General

  • Target

    dc864cd8c60ae62c9de8a7bb7f2ce1cb

  • Size

    2.4MB

  • Sample

    240321-y3ebpshc75

  • MD5

    dc864cd8c60ae62c9de8a7bb7f2ce1cb

  • SHA1

    3efc32b5630c132567c7042888ade059cd4dc2e8

  • SHA256

    116a01b1614550427748d89463cb0ef02561a0ac9dec0d76f82d5f45514aa1f0

  • SHA512

    d9e21b941383add9dfe33c785518539d06f4e8bfb6b196095636d1c1e8d4afcb348cb550271c9646f8314aa6393702ca7eaa2019abd203466178af76c4b64ee7

  • SSDEEP

    49152:Ms7EUiXXzyYMtUF9wUg7BqVoBvW2CEvylKKZXFIiOe+qQGpy:MVXzEA9bg7kVo82qXFcay

Malware Config

Targets

    • Target

      dc864cd8c60ae62c9de8a7bb7f2ce1cb

    • Size

      2.4MB

    • MD5

      dc864cd8c60ae62c9de8a7bb7f2ce1cb

    • SHA1

      3efc32b5630c132567c7042888ade059cd4dc2e8

    • SHA256

      116a01b1614550427748d89463cb0ef02561a0ac9dec0d76f82d5f45514aa1f0

    • SHA512

      d9e21b941383add9dfe33c785518539d06f4e8bfb6b196095636d1c1e8d4afcb348cb550271c9646f8314aa6393702ca7eaa2019abd203466178af76c4b64ee7

    • SSDEEP

      49152:Ms7EUiXXzyYMtUF9wUg7BqVoBvW2CEvylKKZXFIiOe+qQGpy:MVXzEA9bg7kVo82qXFcay

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks