General

  • Target

    09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358

  • Size

    800KB

  • Sample

    240403-w269zsgh7v

  • MD5

    1830f649fd2d2447c6bd8c825c9d2f00

  • SHA1

    eaf22d0d3a50625121edfae3616e3557c583569a

  • SHA256

    09d08658282f25deb2db0428d15187a602bd0457b3a5a7e0c4d6d9ec3735e358

  • SHA512

    aeda0ea99b12fa7127145f6bd28c823d00ba9fef3a5dae5d357b7f49ff83434fdbdef4b9e02424d31c666cc2cd2c682e82b1e031e8a3225b623f0ca4ec50a715

  • SSDEEP

    24576:CvAqfEPWEg8FR+Us9Y6C95meFXt/9+uO7nt:TbuUeJ4mUUugt

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks