General

  • Target

    7ed8f1f354dc7999138cd01e5e55cbc59ec294256fcf92bf7bb5465e5dd06858

  • Size

    89KB

  • Sample

    240407-2nr6ssgh82

  • MD5

    da1db2658317b4e264f7719bcd353a48

  • SHA1

    0eff2a0e3710bc3288187e9c2255799e3588455d

  • SHA256

    7ed8f1f354dc7999138cd01e5e55cbc59ec294256fcf92bf7bb5465e5dd06858

  • SHA512

    47881570e9075a73ee1d7cacae432d12e466808a6ffd26c1dac1463e1498e30be2d8932da1d2cec9d2c1ef783b7c0bbbcd7ca195cdb6ffc064eafba738c36d95

  • SSDEEP

    1536:0rRVCaKgzbLc54hukfgvYnouy8EV1Ayj4m/QWR/RJbi1:0ljbLl/gvQout41Tj4mYWR/RE1

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks