General

  • Target

    84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac

  • Size

    112KB

  • Sample

    240407-2xa9mshb89

  • MD5

    dea6a21fca8d03e7b71eabcceb7c2c41

  • SHA1

    6e515ce39ae5853af1680de5e435e72e6577b652

  • SHA256

    84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac

  • SHA512

    c3f2e58444645ac62ae137a8d974bf9862967ec689f3b123992a82e1a9d5f2f1dbc7c4ba1faad42b08e2417b5a22f59fea71d614c632b77fbffdcacb033a57d4

  • SSDEEP

    1536:t1RVCaKgzbLc54hukfgvYnouy8HY3mx3D4EsLB2Q1M1BIsDYG:t/jbLl/gvQoutHY44psQ1M1aWYG

Malware Config

Targets

    • Target

      84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac

    • Size

      112KB

    • MD5

      dea6a21fca8d03e7b71eabcceb7c2c41

    • SHA1

      6e515ce39ae5853af1680de5e435e72e6577b652

    • SHA256

      84f1eb2052698e0b24f256af1ca48fbbc44ce217377a35b24790b3feb73427ac

    • SHA512

      c3f2e58444645ac62ae137a8d974bf9862967ec689f3b123992a82e1a9d5f2f1dbc7c4ba1faad42b08e2417b5a22f59fea71d614c632b77fbffdcacb033a57d4

    • SSDEEP

      1536:t1RVCaKgzbLc54hukfgvYnouy8HY3mx3D4EsLB2Q1M1BIsDYG:t/jbLl/gvQoutHY44psQ1M1aWYG

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks