General

  • Target

    243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64

  • Size

    2.0MB

  • Sample

    240403-x6v8ysad5t

  • MD5

    2a5c8a10c408d503d20a3c56d946f7f9

  • SHA1

    2d476523e489d9219938b47ca515f4cb49bf0548

  • SHA256

    243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64

  • SHA512

    e6b64871bd9243f85a99eb0e758174c401bbd23149002ca73c13e210d418311351b43f8b271e680dc093d218c8bcb97d0c9eeba8bc84f9f3de103edc4cbc0a84

  • SSDEEP

    49152:AaiMM6Y4i10NIKCJOrvCfJ+YLGeJOPlKdwbUGa92P:gv113GvMDnqKObnn

Malware Config

Targets

    • Target

      243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64

    • Size

      2.0MB

    • MD5

      2a5c8a10c408d503d20a3c56d946f7f9

    • SHA1

      2d476523e489d9219938b47ca515f4cb49bf0548

    • SHA256

      243ead48342acc98600be9088323bc26bf73a82cf3e2cce5f4b6613a17d97b64

    • SHA512

      e6b64871bd9243f85a99eb0e758174c401bbd23149002ca73c13e210d418311351b43f8b271e680dc093d218c8bcb97d0c9eeba8bc84f9f3de103edc4cbc0a84

    • SSDEEP

      49152:AaiMM6Y4i10NIKCJOrvCfJ+YLGeJOPlKdwbUGa92P:gv113GvMDnqKObnn

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks