General

  • Target

    9d05159ec7ffd72168453a090e7659051ec409009fd6c035bd02152bccf83d43

  • Size

    291KB

  • Sample

    240407-3wyh8aac5s

  • MD5

    d22e6bcdc36362b59e72f1b186aa357b

  • SHA1

    a4b9ee816aa5d85fe0383f767f5af9c9b397a401

  • SHA256

    9d05159ec7ffd72168453a090e7659051ec409009fd6c035bd02152bccf83d43

  • SHA512

    ec515cbcb674ff7720345cec181069a1f79f5d65718bb1c90ff70978760e7ae34850471ee6695bc9653f09ab42f0edf1a17614940679df1a782e3f384fe82582

  • SSDEEP

    6144:dXC4vgmhbIxs3NBBOC/Rj28uGe+ZUG69oSRGs9UjU4lX1vw:dXCNi9BNRSPGexh9bImUllFw

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
