General

  • Target

    9d1a4e287e9b08658c598122fe324cfa02576160d8311cb174662a887c0ea8ab

  • Size

    467KB

  • Sample

    240407-3w2kwaae52

  • MD5

    2a937b31ab1a04b8cbf8d1675bfbfbae

  • SHA1

    1f80e5875003da6d5606bb79dc5e79ca179cd3c4

  • SHA256

    9d1a4e287e9b08658c598122fe324cfa02576160d8311cb174662a887c0ea8ab

  • SHA512

    ef70d296aeb3f1fb65b815d24750065ad955452a512624bbacab5aa47d07cf813b784c3818ad55e18d5da4a826513b79bbb43a780fc32dda0a432eb1a64235f4

  • SSDEEP

    12288:bEQoSx0qXQlgWrJ94c5ZLNQlxYcjT2AWOPYYXcdiZxD1:bHelVJ9Dm0cjS1w4gZxp

Malware Config

Targets

    • Target

      9d1a4e287e9b08658c598122fe324cfa02576160d8311cb174662a887c0ea8ab

    • Size

      467KB

    • MD5

      2a937b31ab1a04b8cbf8d1675bfbfbae

    • SHA1

      1f80e5875003da6d5606bb79dc5e79ca179cd3c4

    • SHA256

      9d1a4e287e9b08658c598122fe324cfa02576160d8311cb174662a887c0ea8ab

    • SHA512

      ef70d296aeb3f1fb65b815d24750065ad955452a512624bbacab5aa47d07cf813b784c3818ad55e18d5da4a826513b79bbb43a780fc32dda0a432eb1a64235f4

    • SSDEEP

      12288:bEQoSx0qXQlgWrJ94c5ZLNQlxYcjT2AWOPYYXcdiZxD1:bHelVJ9Dm0cjS1w4gZxp

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks