General

  • Target

    266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864

  • Size

    1.2MB

  • Sample

    240407-x8ap2acc9x

  • MD5

    e1a69dbfd293df1859d418229176c9bb

  • SHA1

    da21a02e36d1c8b60e2ad7809fc4292ab26885a3

  • SHA256

    266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864

  • SHA512

    56acfc0f37bebc1fcd10770f1c8993bc9bbf6b0241a2b8902a8ae3e6e0fc448bb9c8c18585ce58312d799cccabe512b577876270cbc1ea39e8970d23e532d10b

  • SSDEEP

    24576:bHiqGsg68g7g1fPmHCHJsXUN4+u+YeU05mV:jiqvgVg74fPmipsX44+u0a

Malware Config

Targets

    • Target

      266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864

    • Size

      1.2MB

    • MD5

      e1a69dbfd293df1859d418229176c9bb

    • SHA1

      da21a02e36d1c8b60e2ad7809fc4292ab26885a3

    • SHA256

      266f711b53b3c0817cb60b64fe946cea16f8a72db6c0cd747728662edee4c864

    • SHA512

      56acfc0f37bebc1fcd10770f1c8993bc9bbf6b0241a2b8902a8ae3e6e0fc448bb9c8c18585ce58312d799cccabe512b577876270cbc1ea39e8970d23e532d10b

    • SSDEEP

      24576:bHiqGsg68g7g1fPmHCHJsXUN4+u+YeU05mV:jiqvgVg74fPmipsX44+u0a

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks