General

  • Target: 0e15fc1876bf69d688a90238cb4a2cd102c763603ff6d726f6e7529d3065eb9f
  • Size: 1.5MB
  • Sample: 240403-w93lrshb7y
  • MD5: 2b4006c0fca4865b2078cfedbb07ecee
  • SHA1: 46b707b88391c78f395bdc98d45a928bc911d494
  • SHA256: 0e15fc1876bf69d688a90238cb4a2cd102c763603ff6d726f6e7529d3065eb9f
  • SHA512: 9e601a53b98de1f83be0b9f7f4960d4327c7c4b0a583b67812f80948239cfe6fb944ec095d694894afd9339bad64f33dd2bf7dc6bfea7ccf28e3f86c41ae4248
  • SSDEEP: 24576:7r/VFTZn47N5j5FV7J1BGMYwVxl0503tluZELDcTINdiajT0gsQC:/tF9cN5BJ1BGi30mLFkTUdiav0xQC

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
