General

  • Target

    e98f84a7d5a01be1f6ad4a01c9fe9ad94c91adebb7013f2eab03938fbb166e10

  • Size

    1.9MB

  • Sample

    240406-ep3ycsac3x

  • MD5

    54d19cb25e5207571a2f308e748304e5

  • SHA1

    02a52800527b7432c4bab00e0f64c4b6857a86ea

  • SHA256

    e98f84a7d5a01be1f6ad4a01c9fe9ad94c91adebb7013f2eab03938fbb166e10

  • SHA512

    9d7b513b8f455f8bdc6cb4a7a8c5265f32b2c6b4383642265449c0a29448e3ec5405fed9cbac56e848d576aa68608b91a3865117b4da61bbdeed1eee844888c6

  • SSDEEP

    49152:QMMmDSz1o8t/65jl8BFeXm9sV1LhQPUbfR91:QwYqusj6Bs1LGqfR91

Targets

    • Target

      e98f84a7d5a01be1f6ad4a01c9fe9ad94c91adebb7013f2eab03938fbb166e10

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
