General

  • Target

    28b93de022f4184f133849c52de66a0ab70aafb1621ed7b972f9a4de137d2508

  • Size

    746KB

  • Sample

    240403-ybgmraba33

  • MD5

    07c712ab97ad0964d38f7e5df61323fb

  • SHA1

    45809721c09f435ed4c1303847d3d9db0b29d449

  • SHA256

    28b93de022f4184f133849c52de66a0ab70aafb1621ed7b972f9a4de137d2508

  • SHA512

    6c1dfc2cd6bd69aea46d028cca7a1a51b56fbee6571692b502a598f57989fb1aa92d0873014c329303b0febfa389b8e3c9f05ecc56b863f3a4418527d9bf7d03

  • SSDEEP

    12288:A8EQoSM8rMmLF9yn08KYGhxvXZlqeZML3GeliG/FeLjee/ywi4i0ntV4DAOmMvpY:A8bMmLFAgY0xvpsnbRiG/Qee/ytBATM6

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks