General

  • Target

    223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd

  • Size

    2.0MB

  • Sample

    240407-x15kfacd99

  • MD5

    4e5872eca08a9d04742b50d9f860b3e5

  • SHA1

    0d223ce9bd58ab906e8083e4facd496cb0601eeb

  • SHA256

    223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd

  • SHA512

    6306c8ed138e017af0558b766a6bc9f33af75d67c001f8eb1bc1c19a52efa3aa60a5d7a2fa11bd1e3b8de432192f0cc5ba32a76d7492ca2dd3f2881c5810bef9

  • SSDEEP

    49152:j6GIJg7d1hmD9gWwEe5Afsak2DW4ZEkczOtsDkFYta:j6LJUdnhJ5jai4bcyt/+k

Malware Config

Targets

    • Target

      223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd

    • Size

      2.0MB

    • MD5

      4e5872eca08a9d04742b50d9f860b3e5

    • SHA1

      0d223ce9bd58ab906e8083e4facd496cb0601eeb

    • SHA256

      223114c4b6125f7f36b292d1048b3827941b6e970aa32466999cd6078ad45bbd

    • SHA512

      6306c8ed138e017af0558b766a6bc9f33af75d67c001f8eb1bc1c19a52efa3aa60a5d7a2fa11bd1e3b8de432192f0cc5ba32a76d7492ca2dd3f2881c5810bef9

    • SSDEEP

      49152:j6GIJg7d1hmD9gWwEe5Afsak2DW4ZEkczOtsDkFYta:j6LJUdnhJ5jai4bcyt/+k

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks