General

  • Target

    9bf8120f901ef088378604c89e6e7bb8b77d026faa0b0a1ffdb4aa30e5a40580

  • Size

    274KB

  • Sample

    240407-3vbm3aad79

  • MD5

    23d4983f19462052ec4211d5a2b14293

  • SHA1

    4321aead630b7172e9a5655d64fb8b3c4ff6f6d1

  • SHA256

    9bf8120f901ef088378604c89e6e7bb8b77d026faa0b0a1ffdb4aa30e5a40580

  • SHA512

    a71799626c5dd3940c896d6f801976cb004a0efbac540d712e3ccb68cb9ff44f6cf2ec572ed4a0fa78c79993fa73e4ffcab87686af0a122a46e6f15fa3df4ce8

  • SSDEEP

    6144:JjluyDM3Io5R4nM/40yJNycPOl9LRcfrLo2ii75LCbIZnsHZS2DJebX5jH:JEyDMhqhQl9WHokMbIZns5rVez

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks