General

  • Target

    9abc124e6f1f0ee51e7d1e7fe273c698a541f392cb5864ddd786112cd3d3c202

  • Size

    674KB

  • Sample

    240407-3svm6aad49

  • MD5

    cb9afff5d9882cd99e5f79bbdf339469

  • SHA1

    9a6fd141585e4b901186b2da6eab6fbd7c7aae54

  • SHA256

    9abc124e6f1f0ee51e7d1e7fe273c698a541f392cb5864ddd786112cd3d3c202

  • SHA512

    139f081f40e74cc609d6074c33cdd6a8f6daa735c45372d0c68841adab0f567e47757818bf57bea0db8ab3905e4d15f0ea1bf8e47aee636a2d5aa85e0a437dbd

  • SSDEEP

    12288:bEQoSx0qhVENb1rYokTQzHB0rD/FpCxwC2bjkR8lpmkNxfkuz2KBC+6gA:bHvWN1Yo/2DtpCxF2bwDWsuSKBwX

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
