General

  • Target

    1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a

  • Size

    342KB

  • Sample

    240403-xpdmkshg6y

  • MD5

    4872e250d951de9ac7a051824be7d500

  • SHA1

    4722437fbb8e4669d4b13333d762020e14a6c46f

  • SHA256

    1804540d1670d8d4c8a1ff4055cc25612e83bd25034d92501674cb6530b6f84a

  • SHA512

    425ce2c02af68e3845c80c2ae7b9f29d5c438824742f180523803f7512d43aa4a3d9c3cedddd8d7d4d277d688eb6dd1dc43e38464feac42aefed655ee74d7458

  • SSDEEP

    6144:JjluyDM3Io5R4nM/40yJNvpIG4bPyylZZewFZ4gJHshCPhio2JDEq3K4kIsuBc:JEyDMhqhtpn4bqylZnF9JHQq52K4kR3

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
