General

  • Target

    0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5

  • Size

    1.9MB

  • Sample

    240403-w4jayahc99

  • MD5

    4e221d041d5ee23892fde0844fd995c7

  • SHA1

    44f8ff646a34b9e041f639bb23b21c47aff547d4

  • SHA256

    0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5

  • SHA512

    ff870183dcbc285bd04023a57bd0d25c8fc564d7247960e4da07f86fec3e85051edf6a2993444949f621e60bf1b38474c257a326f3bf81fa9622a5b0fc5427e7

  • SSDEEP

    49152:54VWxxha0+QLXFsc9sz/m2k3HKPqcutQA2NADTb:mGIQLidjk31cOQhNADv
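Before relying on any of the behaviour listed below, confirm that the file in hand is the sample this report describes. The following is an added example, not part of the report or of the sandbox's own tooling: it reads the file once, feeds every chunk to all four digest algorithms listed above, compares against the report's digests, and treats a partial agreement (one digest matching while another does not) as a failed identification rather than a hit. The file path is whatever the reader passes on the command line.

```python
import hashlib
import io
import sys
from typing import BinaryIO, Dict, Mapping, Set

# Digests copied from the General section of this report (lower-case hex).
REPORT_IOCS: Dict[str, str] = {
    "md5": "4e221d041d5ee23892fde0844fd995c7",
    "sha1": "44f8ff646a34b9e041f639bb23b21c47aff547d4",
    "sha256": "0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5",
    "sha512": "ff870183dcbc285bd04023a57bd0d25c8fc564d7247960e4da07f86fec3e85051edf6a2993444949f621e60bf1b38474c257a326f3bf81fa9622a5b0fc5427e7",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the stream once and feed each chunk to every algorithm, so a large
    sample is not re-read four times."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return digest_stream(fh)


def matching_algorithms(digests: Mapping[str, str],
                        iocs: Mapping[str, str] = REPORT_IOCS) -> Set[str]:
    """Algorithms whose computed digest equals the IOC (case-insensitive)."""
    return {
        name for name in ALGORITHMS
        if name in iocs and name in digests
        and digests[name].lower() == iocs[name].lower()
    }


def is_confirmed_sample(digests: Mapping[str, str],
                        iocs: Mapping[str, str] = REPORT_IOCS) -> bool:
    """True only when every digest the IOC set provides agrees. A partial match
    (e.g. MD5 agrees but SHA-256 does not) points at a mis-copied IOC or a
    deliberate collision and must not count as identification."""
    expected = {name for name in ALGORITHMS if name in iocs}
    return bool(expected) and matching_algorithms(digests, iocs) == expected


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-file> [more paths...]
    for path in sys.argv[1:]:
        result = digest_file(path)
        verdict = "MATCH" if is_confirmed_sample(result) else "NO MATCH"
        print(f"{verdict}  {path}  sha256={result['sha256']}")
```

Requiring all provided digests to agree costs nothing extra (the file is hashed once anyway) and closes the door on an MD5-only "match" from a colliding or mis-copied IOC.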

Malware Config

Targets

    • Target

      0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5

    • Size

      1.9MB

    • MD5

      4e221d041d5ee23892fde0844fd995c7

    • SHA1

      44f8ff646a34b9e041f639bb23b21c47aff547d4

    • SHA256

      0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5

    • SHA512

      ff870183dcbc285bd04023a57bd0d25c8fc564d7247960e4da07f86fec3e85051edf6a2993444949f621e60bf1b38474c257a326f3bf81fa9622a5b0fc5427e7

    • SSDEEP

      49152:54VWxxha0+QLXFsc9sz/m2k3HKPqcutQA2NADTb:mGIQLidjk31cOQhNADv

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the sample only runs (or refuses to run) in certain countries.

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data, which can include saved credentials, cookies and session tokens, and autofill entries.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
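The "Adds Run key to start application" signature is the one most worth turning into a check on a suspect host. The following is an added example, not the sandbox's own detection logic and not code from this report: it takes Run-key entries (hive, value name, command line), splits the command line the way CreateProcess does so that unquoted paths with spaces are handled, follows script hosts such as wscript.exe through to the script they launch, and flags entries that run from user-writable locations, run a script, or reuse a system binary name outside the Windows directory. The ENV map and SAMPLE_RUN_ENTRIES are constructed for an offline run; on a live system they would come from the host or from the sandbox's registry events.

```python
import ntpath
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed environment for the offline run; a live triage would read these
# from the host (or the sandbox's process/registry events) instead.
ENV = {
    "SYSTEMROOT": r"C:\Windows",
    "WINDIR": r"C:\Windows",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "USERPROFILE": r"C:\Users\alice",
    "PROGRAMDATA": r"C:\ProgramData",
}

SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".hta")
EXEC_EXTS = (".exe", ".com", ".scr", ".dll") + SCRIPT_EXTS

# Locations a standard user can write to; a Run entry pointing here is the
# usual infostealer/loader persistence pattern.
USER_WRITABLE_ROOTS = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Built-in hosts that let an entry launch a script or DLL instead of a binary.
PROXY_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
               "regsvr32.exe", "powershell.exe", "pwsh.exe", "cmd.exe"}

# Names that only belong under %SystemRoot%; anywhere else they are masquerading.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}


def expand_env(value: str) -> str:
    """Expand %VAR% references from ENV; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: ENV.get(m.group(1).upper(), m.group(0)), value)


def split_command(value: str) -> Tuple[str, str]:
    """Split a Run value into (program, arguments) the way CreateProcess does:
    a leading quoted token is the program; otherwise the first token is extended
    one space at a time until it ends in an executable extension, which is what
    makes unquoted paths with spaces work (and abusable)."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end != -1:
            return value[1:end], value[end + 1:].strip()
    tokens = value.split(" ")
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if candidate.lower().endswith(EXEC_EXTS):
            return candidate, " ".join(tokens[i:]).strip()
    return tokens[0], " ".join(tokens[1:]).strip()


def payload_from_args(args: str) -> Optional[str]:
    """For proxy hosts the thing that really runs is in the arguments:
    prefer a quoted path, else the first token with an executable extension."""
    quoted = re.search(r'"([^"]+)"', args)
    if quoted:
        return quoted.group(1)
    for token in args.split():
        if token.lower().endswith(EXEC_EXTS):
            return token
    return None


def assess_run_entry(hive: str, name: str, value: str) -> Dict:
    program, args = split_command(expand_env(value))
    reasons: List[str] = []
    target = program
    host = ntpath.basename(program).lower()
    if host in PROXY_HOSTS:
        reasons.append(f"launched via {host}")
        payload = payload_from_args(args)
        if payload:
            target = expand_env(payload)
    norm = ntpath.normpath(target).lower()
    if norm.startswith(USER_WRITABLE_ROOTS):
        reasons.append("runs from a user-writable location")
    if norm.endswith(SCRIPT_EXTS):
        reasons.append("payload is a script")
    if ntpath.basename(norm) in SYSTEM_BINARY_NAMES and not norm.startswith("c:\\windows\\"):
        reasons.append("system binary name outside the Windows directory")
    return {"hive": hive, "name": name, "target": target,
            "reasons": reasons, "suspicious": bool(reasons)}


def triage_run_keys(entries: Iterable[Tuple[str, str, str]]) -> List[Dict]:
    """Return only the entries that tripped at least one heuristic."""
    return [r for r in (assess_run_entry(*e) for e in entries) if r["suspicious"]]


# Constructed Run-key export: two benign entries, two matching the pattern above.
SAMPLE_RUN_ENTRIES = [
    ("HKLM", "SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("HKLM", "VendorAgent", r"C:\Program Files\Vendor\agent.exe -service"),
    ("HKCU", "Updater", r'"C:\Users\alice\AppData\Roaming\svchost.exe"'),
    ("HKCU", "Loader", r'wscript.exe //B "%LOCALAPPDATA%\Temp\run.vbs"'),
]

if __name__ == "__main__":
    for finding in triage_run_keys(SAMPLE_RUN_ENTRIES):
        print(f"{finding['hive']}\\...\\Run\\{finding['name']} -> {finding['target']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

These are triage heuristics, not a verdict: legitimate software does install per-user updaters under AppData, so a hit means "look at this binary" (hash it, check its signer, compare against the digests above), not "this is the sample".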

MITRE ATT&CK Enterprise v15

Tasks