General

  • Target

    1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b

  • Size

    332KB

  • Sample

    240403-xr1vwsac95

  • MD5

    2c7509903bc0eade4f46babbfccb21f2

  • SHA1

    7085ca3f6ee7b953f01259586e9b900b42e4cdd0

  • SHA256

    1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b

  • SHA512

    6680b60a2ee0e8363c4b76426bc2b332eb7b377ffd701ad3262b75f06d024b6c634e8587dd75a5fae1aeefb17d8bf0a72977ce1f90e02c4e33d13c90066af29a

  • SSDEEP

    6144:bjluQoSsqaxIo5R4nM/Thz5bdboSK9OHAl5SjRfraLPhPRgqllyTPCYwjKpFGyNS:bEQoSx0q2ZfKsgLS9frghGqjyTPojKPQ

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks