General

  • Target

    eefe0f0c74bf79fffa8e525108d0019ac66c446fee63c808ad10361823634810

  • Size

    420KB

  • Sample

    240406-ey543sad5z

  • MD5

    71094214f915b20fc17696e06cfeeadf

  • SHA1

    fb2fb4b233ea32c824f64268119d6fb7f6b84384

  • SHA256

    eefe0f0c74bf79fffa8e525108d0019ac66c446fee63c808ad10361823634810

  • SHA512

    d07f2e814e68e633c241ae98f53098237677d7d6e5edfacbf96eb7da5873abf1ed401d590a6b4cc1fb2f55e873683d257d18f129e2b79434fc03e339c8b054b0

  • SSDEEP

    6144:NPDLCLqIo5R4nM/4pATrA2/eAOfidfRMgMMkjdTlqNpIOA707SoXnP9eMHW5JeI+:NPKL+qBPAOfiTM9txMjy707SMPYMHo4

Malware Config

Targets

    • Target

      eefe0f0c74bf79fffa8e525108d0019ac66c446fee63c808ad10361823634810

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (run or abort depending on the victim's region).

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and session tokens.

    • UPX packed file

      The executable is packed with UPX, or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

      Writes a value under a registry Run key so the program is launched again at user logon, a common persistence mechanism.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
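The hashes in the General section identify the sample, and the "UPX packed file" and "UPX dump on OEP" signatures above say it is packed. As an added example (not code from the sandbox or from this page), the following stdlib-only Python first checks a local copy against the reported SHA-256 and then parses the PE section table for the indicators a UPX rule typically keys on: UPX0/UPX1 section names, the `UPX!` marker, an empty first section that serves as the unpack destination, and a high-entropy payload section. The two PE images are constructed inside the block and are not the report's sample; the 512-byte file alignment, the 7.0 bits/byte entropy threshold and the `build_pe`/`pseudo_random` helpers are assumptions made for the example.

```python
import hashlib
import math
import struct

# SHA-256 reported for the sample on this page; a local copy must match before any analysis.
REPORT_SHA256 = "eefe0f0c74bf79fffa8e525108d0019ac66c446fee63c808ad10361823634810"


def sha256_matches(data: bytes, expected: str = REPORT_SHA256) -> bool:
    """Gate further work on the file hash matching the report."""
    return hashlib.sha256(data).hexdigest() == expected.lower()


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for constant data, near 8.0 for compressed or encrypted data."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Minimal PE section-table parser: DOS header -> PE signature -> COFF header -> section headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def upx_indicators(data: bytes) -> list:
    """Return the UPX-style packing indicators present (empty list means none found)."""
    secs = pe_sections(data)
    hits = []
    if any(s["name"].startswith("UPX") for s in secs):
        hits.append("UPX section names")
    if b"UPX!" in data:
        hits.append("UPX! header marker")
    # Stock UPX leaves the first section with no raw data but a large virtual size (the
    # unpack destination) and stores the compressed payload at close to 8 bits/byte.
    if secs and secs[0]["raw_size"] == 0 and secs[0]["vsize"] > 0:
        hits.append("empty first section (unpack destination)")
    if any(s["raw_size"] > 0 and s["entropy"] > 7.0 for s in secs):
        hits.append("high-entropy section")
    return hits


def build_pe(sections) -> bytes:
    """Build a minimal, non-runnable PE image from (name, virtual size, raw bytes); test fixture only."""
    e_lfanew, opt_size = 0x80, 0xE0
    table = e_lfanew + 24 + opt_size
    raw_ptr = (table + 40 * len(sections) + 0x1FF) & ~0x1FF   # assumed 512-byte file alignment
    hdr = bytearray(raw_ptr)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", hdr, e_lfanew + 4, 0x14C, len(sections))   # i386, section count
    struct.pack_into("<H", hdr, e_lfanew + 20, opt_size)
    body, vaddr = bytearray(), 0x1000
    for i, (name, vsize, raw) in enumerate(sections):
        off = table + i * 40
        hdr[off:off + 8] = name.encode("ascii").ljust(8, b"\0")
        ptr = raw_ptr + len(body) if raw else 0
        struct.pack_into("<IIII", hdr, off + 8, vsize, vaddr, len(raw), ptr)
        body += raw
        vaddr += max(vsize, 0x1000)
    return bytes(hdr) + bytes(body)


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for a compressed payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed fixtures: a UPX-shaped image and a plain one. Neither is the report's sample.
PACKED = build_pe([("UPX0", 0x20000, b""),
                   ("UPX1", 0x8000, b"UPX!" + pseudo_random(0x4000)),
                   (".rsrc", 0x1000, b"\0" * 0x200)])
CLEAN = build_pe([(".text", 0x2000, b"\x90" * 0x1000),
                  (".data", 0x1000, b"hello world\0" * 64)])
```

On a real file, call `sha256_matches(open(path, "rb").read())` first and stop if it fails; `upx_indicators` is deliberately conservative, so a modified UPX build that renames its sections and strips the marker will still usually show the empty first section and the high-entropy payload.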

MITRE ATT&CK Enterprise v15
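The ATT&CK table for this report did not survive extraction. As an added example (not the sandbox's own rule logic or its mapping), the following Python shows how the behavioural signatures listed under Targets can be expressed as detection logic over sandbox-style (operation, path) events, and maps the ones that fire to Enterprise technique IDs. The events are constructed in the block and are not the sample's actual trace; the technique mapping, the registry paths used for the location check (`Control Panel\International\Geo` and `Nls\Language`), the browser profile paths, and the event operation names are the editor's assumptions.

```python
import re

# Constructed sandbox-style (operation, path) events; they are not the report's actual trace.
SAMPLE_EVENTS = [
    ("regkey_read",    "HKCU\\Control Panel\\International\\Geo\\Nation"),
    ("file_read",      "C:\\Users\\admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"),
    ("file_read",      "C:\\Users\\admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc123.default\\logins.json"),
    ("regkey_written", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsUpdater"),
    ("file_open",      "D:\\"),
    ("file_open",      "E:\\"),
    ("file_written",   "C:\\Windows\\System32\\drivers\\etc\\hosts"),
    ("file_read",      "C:\\Users\\admin\\Desktop\\notes.txt"),
]

# (signature name as listed on this page, ATT&CK technique or None, operations, path pattern).
# The technique mapping and the registry/browser paths are assumptions made for this example.
SIGNATURES = [
    ("Checks computer location settings", "T1614",
     {"regkey_read"}, re.compile(r"\\International\\Geo\\|\\Nls\\Language\\", re.I)),
    ("Reads user/profile data of web browsers", "T1555.003",
     {"file_read", "file_open"},
     re.compile(r"\\(Google\\Chrome\\User Data|Mozilla\\Firefox\\Profiles)\\", re.I)),
    ("Adds Run key to start application", "T1547.001",
     {"regkey_written"}, re.compile(r"\\CurrentVersion\\(Run|RunOnce)(\\|$)", re.I)),
    ("Enumerates connected drives", "T1083",
     {"file_open"}, re.compile(r"^[D-Z]:\\$", re.I)),           # drive roots other than C:
    ("Drops file in System32 directory", None,                   # no single technique fits
     {"file_written", "file_created"}, re.compile(r"^C:\\Windows\\System32\\", re.I)),
]


def triage(events):
    """Return {signature: {"technique": ..., "events": [...]}} for every signature that fired."""
    hits = {}
    for name, technique, ops, pattern in SIGNATURES:
        matched = [(op, path) for op, path in events if op in ops and pattern.search(path)]
        if matched:
            hits[name] = {"technique": technique, "events": matched}
    return hits


def attack_techniques(hits):
    """Sorted, de-duplicated technique IDs for the fired signatures (unmapped ones are skipped)."""
    return sorted({h["technique"] for h in hits.values() if h["technique"]})


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for name, info in result.items():
        print(f"{name} [{info['technique']}]: {len(info['events'])} event(s)")
    print("ATT&CK:", ", ".join(attack_techniques(result)))
```

The operation filter matters as much as the path pattern: a read of a Run key is reconnaissance, a write to it is persistence, and collapsing the two produces the false positives that make sandbox signatures noisy.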

Tasks