General

  • Target

    0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9

  • Size

    263KB

  • Sample

    240407-wy1yssbb79

  • MD5

    e08f08bb56b239dcb02a549756804679

  • SHA1

    a303680ba0382e13ba0833bcde9686bc98ee3aed

  • SHA256

    0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9

  • SHA512

    b669d963941ae4d2e98614261257f792bd4b8933351abe94f3a251e5d4834aa2abebbe8aea9e334a4a6e1556a54d975773f6156c20b8030085282d3832b4bd75

  • SSDEEP

    3072:y9jbLl/gvQoutxQp3dmyBgQbnndOxwomKv5qzN4dDlwbRuguP84Kf1tR3jyv11jK:0jluQoSxCHbdbOwNelwb4mufyMGqC7
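
The hashes above identify the sample; before trusting any local copy of it, an analyst should recompute them. The following script is an added example and not part of the original report: it recomputes the four fixed-length digests listed in the General section and compares them with the report's values. SSDEEP is deliberately not recomputed because it needs the third-party ssdeep library; the listed fuzzy hash is kept only for manual comparison with `ssdeep -m`.

```python
"""Verify that a local file is the sample this report describes."""
import hashlib
import re

# Digests copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "e08f08bb56b239dcb02a549756804679",
    "sha1": "a303680ba0382e13ba0833bcde9686bc98ee3aed",
    "sha256": "0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9",
    "sha512": "b669d963941ae4d2e98614261257f792bd4b8933351abe94f3a251e5d4834aa2"
              "abebbe8aea9e334a4a6e1556a54d975773f6156c20b8030085282d3832b4bd75",
}

# Expected hex-digest lengths, used to catch truncated or mistyped hashes.
DIGEST_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def well_formed(hashes: dict) -> bool:
    """True if every algorithm has a hex digest of the correct length."""
    try:
        return all(
            re.fullmatch(r"[0-9a-fA-F]{%d}" % length, hashes[name]) is not None
            for name, length in DIGEST_LENGTHS.items()
        )
    except KeyError:
        return False


def compute_digests(data: bytes) -> dict:
    """Return lowercase hex MD5/SHA-1/SHA-256/SHA-512 of *data* in one pass."""
    hashers = {name: hashlib.new(name) for name in DIGEST_LENGTHS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual: dict, expected: dict) -> dict:
    """Per-algorithm match result; comparison is case-insensitive."""
    return {name: actual[name].lower() == expected[name].lower() for name in expected}


def verify_file(path: str, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest of the file at *path* matches *expected*.

    The file is hashed in chunks so the check also works on large drops.
    """
    hashers = {name: hashlib.new(name) for name in expected}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    actual = {name: h.hexdigest() for name, h in hashers.items()}
    return all(compare_digests(actual, expected).values())


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <file>")
    print("MATCH" if verify_file(sys.argv[1]) else "MISMATCH")
```

A single mismatching digest is enough to reject the file: the report's SHA-256 is the target identifier, and a file that matches MD5 but not SHA-256 is evidence of a collision attempt or of a mis-copied hash, never of the same sample.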

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and session tokens.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
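
The behavioural signatures above can be turned into triage heuristics over a sandbox trace. The script below is an added example, not code from the report or from the sandbox vendor: it classifies constructed file and registry events into the behavioural signatures listed above. The event records and their field names (`op`, `path`) are assumptions standing in for a generic behaviour trace. The report does not say which registry value the sample reads for the country code, so the location rule matches the well-known `HKCU\Control Panel\International` and `Nls` paths as an assumption. The two static signatures (UPX packing, sandbox VM usernames) are not behavioural and are left out.

```python
"""Map constructed sandbox behaviour events to this report's signatures."""
import re

# Constructed events resembling a behaviour trace; none are from the report.
SAMPLE_EVENTS = [
    {"op": "reg_query", "path": r"HKCU\Control Panel\International\sCountry"},
    {"op": "file_read", "path": r"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "file_read", "path": r"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"},
    {"op": "reg_set", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"op": "file_read", "path": "D:\\"},
    {"op": "file_read", "path": "E:\\"},
    {"op": "file_read", "path": "C:\\"},  # default drive: not counted as enumeration
    {"op": "file_write", "path": r"C:\Windows\System32\drivers\etc\hosts"},
]

# (signature name from the report, operations it applies to, path pattern).
# The registry locations for the location check are an assumption.
RULES = [
    ("Checks computer location settings", {"reg_query"},
     re.compile(r"\\Control Panel\\International\\|\\Control\\Nls\\", re.I)),
    ("Reads user/profile data of web browsers", {"file_read"},
     re.compile(r"\\User Data\\|\\Firefox\\Profiles\\", re.I)),
    ("Adds Run key to start application", {"reg_set"},
     re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    # Root path of any drive letter except the default C: drive.
    ("Enumerates connected drives", {"file_read"},
     re.compile(r"^(?!C:)[A-Z]:\\$", re.I)),
    ("Drops file in System32 directory", {"file_write"},
     re.compile(r"^C:\\Windows\\System32\\", re.I)),
]


def classify(events: list) -> dict:
    """Return {signature name: [matching paths]} for the events that fire a rule."""
    hits = {}
    for event in events:
        for name, ops, pattern in RULES:
            if event["op"] in ops and pattern.search(event["path"]):
                hits.setdefault(name, []).append(event["path"])
    return hits


if __name__ == "__main__":
    for name, paths in classify(SAMPLE_EVENTS).items():
        print(f"{name}:")
        for p in paths:
            print(f"    {p}")
```

The Run-key rule requires a trailing backslash after `Run`, so it does not fire on `RunOnce`; whether that is wanted depends on the triage question, and widening it is a one-character change.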
