General

  • Target

    21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b

  • Size

    385KB

  • Sample

    240403-x2pklsab9t

  • MD5

    1510c7e79d87db55f1a78fbc9349ad14

  • SHA1

    b8e0ea6ea4da8c22a56acbe968d2b3d530be4859

  • SHA256

    21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b

  • SHA512

    7131a2a990f0dc77f5aa8c67e135317e6cc1146834ade0c443d2cb727e380abbc38b251e55d79970fedb0e88cd3058b0dc04ffc87c96004d20f1a77af6ef88cc

  • SSDEEP

    6144:dXC4vgmhbIxs3NBB/EM4D7sJ5XyeY9+BpTNoSJ3/6bY0wAqMQ+vM0vi0ipad4O6i:dXCNi9BGMJ7nVF/60kqMVrvirs59

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks