General

  • Target

    8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333

  • Size

    674KB

  • Sample

    240407-28eq7shd7t

  • MD5

    a7bf21f281147ae629e716d69bbc4d86

  • SHA1

    6c322e9c3e12bf375c12bb414151c4644625807b

  • SHA256

    8d9fde1db1c4e21189a4df3c20225a1c5c30dd1fa3374e7c038755645a006333

  • SHA512

    026d7e0bccaeb5cb75590f19f282a6e96cf0a554dad7616712be28f9e756df3c64288e841051b66ba413473e55a9ffe51f853a32b27709de5d28dbd6d6b2337b

  • SSDEEP

    12288:lXa8sURJv48EyDeRnn5rXWZu6zYSwerJPewWqQ:lq89Jv8yCBWZHzkerJWFz

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
