General

  • Target

    7d73d1f7f725c8f8e2f22157479e8b04ea29e20e3dfccea5be2d600b4113bc03

  • Size

    75KB

  • Sample

    240407-2ltlvagh32

  • MD5

    2f675eae3e46548d4f9434deb337926f

  • SHA1

    6dca39f439c2cd49b8b6a9af51b502de6ae8940b

  • SHA256

    7d73d1f7f725c8f8e2f22157479e8b04ea29e20e3dfccea5be2d600b4113bc03

  • SHA512

    d79770f3d770f4c7edcf5c8c0db017ce5b56ea76fbe0a2f864d18f73c867532748f65dee9d5a05533a40dd0b9c463703f12d56ca90acfd02e455d7ecab7e42a6

  • SSDEEP

    1536:mx1Qja7luy6y0s4sqfkbnAKBOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3s:2OjWuyt0ZsqsXOKofHfHTXQLzgvnzHPE

Targets

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
