General

  • Target

    8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c

  • Size

    456KB

  • Sample

    240407-3bcq1shf87

  • MD5

    0e376dac7a237d031184d9f18308fea0

  • SHA1

    938e5b43ae55ad88a8f66438573f655c47c93755

  • SHA256

    8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c

  • SHA512

    370583a0da59615e0a1d420718c9c28e2361f9fc58c1ec564dd1d68cb6dc07262215f93de896165939cbfbbcba941e216af41fe5048bc05a221d793c36749b78

  • SSDEEP

    6144:JjluyDM3Io5R4nM/40yJN+IBhzIjC3U3d8L1dfvnp612KAtftk+LluhEKCJibaOg:JEyDMhqhQelkNyX3oAvuDC4aOg

Malware Config

Targets

    • Target

      8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c

    • Size

      456KB

    • MD5

      0e376dac7a237d031184d9f18308fea0

    • SHA1

      938e5b43ae55ad88a8f66438573f655c47c93755

    • SHA256

      8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c

    • SHA512

      370583a0da59615e0a1d420718c9c28e2361f9fc58c1ec564dd1d68cb6dc07262215f93de896165939cbfbbcba941e216af41fe5048bc05a221d793c36749b78

    • SSDEEP

      6144:JjluyDM3Io5R4nM/40yJN+IBhzIjC3U3d8L1dfvnp612KAtftk+LluhEKCJibaOg:JEyDMhqhQelkNyX3oAvuDC4aOg

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks