General

  • Target

    80fb9237eb27f03d010c6f299557817882a4ec0d82f2c9fdfcece9271c7326b3

  • Size

    468KB

  • Sample

    240407-2q9hvsgg6x

  • MD5

    9506d9f8db1af8c7e643348eab620614

  • SHA1

    1dc2c941df747addcbfbf8e83bbf21289317af6f

  • SHA256

    80fb9237eb27f03d010c6f299557817882a4ec0d82f2c9fdfcece9271c7326b3

  • SHA512

    86b5b3b976ca69648c095e5a066512a7703e14f7db1fe3f802c4f888db8e3ddcfc9e3f04e1d66171662653e782ebbf0cb44a9170ea99c0b9d9c178b6d4a8522a

  • SSDEEP

    6144:VjluQoSv4DSIo5R4nM/40yiMg+xXLVEfe/4IwaQupkmDOflq3tj8xmTZaL7xlpmF:VEQoSfqzgUDbpEU8xUZUq69plf2dwO

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks