General

  • Target

    809b6722327c557bb1876d858ea456e83d8ba96e7bf152edd7d6862d9cc89507

  • Size

    1.2MB

  • Sample

    240407-2qskcagg5x

  • MD5

    15dd69fc16a7574a467bbec44e249c73

  • SHA1

    26edd830b6a678f30b5eb51e218cdd23b65af09f

  • SHA256

    809b6722327c557bb1876d858ea456e83d8ba96e7bf152edd7d6862d9cc89507

  • SHA512

    a5b926dd848295972bbed2c4543cfb368c893ec774a3c2bdbd95a27edc12ea4776cd1ea5584b545617650311164a219daa7d53119fea0ae348b7e7788cea6f71

  • SSDEEP

    24576:00XWJlByIooO5uaR+rq3qCiqFkIZLkNoaSRXxLO034p2P:lm3B/7OMaR+r2qCNFrLrRBLO5pw

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks