General

  • Target

    17e14d4aaddcecf1b6f8fab93eb0df4859bcf32caac79e7f2b562eddc6961ffb

  • Size

    119KB

  • Sample

    240407-xmvhbabe9w

  • MD5

    1edf8f259a2643f9e170ff155d9f8128

  • SHA1

    fc8c52140b82609ab81de6b7fccb4eca4015efed

  • SHA256

    17e14d4aaddcecf1b6f8fab93eb0df4859bcf32caac79e7f2b562eddc6961ffb

  • SHA512

    e0ba547ce87f6ce634c87d20aebedf754de8c4d9e9957dfbeefaf2f64cf338a9880d0534b8e3e44087369531b922b9cf3b59d92f01f06c062adde175a42d32d8

  • SSDEEP

    3072:cOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPh:cIs9OKofHfHTXQLzgvnzHPowYbvrjD/E

Malware Config

Targets

    • Target

      17e14d4aaddcecf1b6f8fab93eb0df4859bcf32caac79e7f2b562eddc6961ffb

    • Size

      119KB

    • MD5

      1edf8f259a2643f9e170ff155d9f8128

    • SHA1

      fc8c52140b82609ab81de6b7fccb4eca4015efed

    • SHA256

      17e14d4aaddcecf1b6f8fab93eb0df4859bcf32caac79e7f2b562eddc6961ffb

    • SHA512

      e0ba547ce87f6ce634c87d20aebedf754de8c4d9e9957dfbeefaf2f64cf338a9880d0534b8e3e44087369531b922b9cf3b59d92f01f06c062adde175a42d32d8

    • SSDEEP

      3072:cOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPh:cIs9OKofHfHTXQLzgvnzHPowYbvrjD/E

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks