General

  • Target

    246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7

  • Size

    1.3MB

  • Sample

    240407-x4y7tsce96

  • MD5

    dd75b5bd5215a9a5c7dce002336a209b

  • SHA1

    2c897efba30afd20dc1fdd73bdde8466f57f75a7

  • SHA256

    246ead1579564c889162b3dbc68e66a08e060ee06e6a128cad7ce3e15bc08da7

  • SHA512

    10e4d2ca4e02dc6d8f4eb76772211ac58de932e39258820cb385b92caa2f82d0c5587cd4e83c102fe2533c2efa6f5a1b341ac2f9079ad2d8e3940ced0f993dc0

  • SSDEEP

    24576:VyZhxQJpv8T2BckBQnrm9heT5ljetAiSOCmA4r8tYy2eOGDnF:sZTQJpv8T2aaYS6vFORAWQnF

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks