General

  • Target

    0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5

  • Size

    1.5MB

  • Sample

    240403-xbvnyahf52

  • MD5

    1e48a386bb362a574803573f08a4e346

  • SHA1

    0fd8352f5d9e64c5c5d80cccdb172ffb5ab6131e

  • SHA256

    0f52c8cc0193a8b172bdbdbe9ce7c475f8e9bae09d4d00aa7ce02ca9236258a5

  • SHA512

    175ff4f29468d102aeed8c2820a4cfc98ac03594274a21088ef61b8f38453ee121c7d5db61e83f9d201cff69eab5e3a0185d1138b4aa69805ca29bd56980f8e2

  • SSDEEP

    24576:YiW95yjJ5C4DVaSJursBuTnNklDE7wNnqpAWExnQVpZzGTeGfHB/rMw+ueZF7BJf:xWPcjNnJChYQ7InKPQnQVfCTlfB/r2uK

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks