General

  • Target

    1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc

  • Size

    120KB

  • Sample

    240403-xxr5yaaa9t

  • MD5

    33704745a806b87d94d722adecccf3aa

  • SHA1

    b6fce606a452eb5acccdea7d1607c99b22dc270a

  • SHA256

    1e92d8bda5ce94680a5f3ea4b52eb38d8ab0933cbe1a054eabc3cda2903ffddc

  • SHA512

    af9d037dcddbee3ab6bf6aac4a044136d639ad3aa39ed85ec8feb64bac794b9098d3a88d84d609618b7df79f3e39bafc715c139d3f294300c716b01b04f746ea

  • SSDEEP

    1536:YRVCaKgzbLc54hukfgvYnouy8tUnYeGJ34Eim+8Ws9qZ9glQm2:gjbLl/gvQouttCYnH+GAZaX2

Malware Config

Targets


    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks