General

  • Target

    20a045c7fd9a0824088decd13c8e62e2a7a31abb8c8b0db975df44837c773c57

  • Size

    241KB

  • Sample

    240407-xy5sescd59

  • MD5

    6448fe2736ea5b54df2c166b9176d12c

  • SHA1

    44eb5d789f05d52af1129bf4daac82bdd5aaddbd

  • SHA256

    20a045c7fd9a0824088decd13c8e62e2a7a31abb8c8b0db975df44837c773c57

  • SHA512

    faa4090d0ff876999197e1917e44a40d5c44e8d1cfac18db7c1f528bb556e07d1a6cb47b135a0cf29c57501b617714f916cb018c191fb90064933f13efd54afe

  • SSDEEP

    3072:y9jbLl/gvQoutE1Tj4mYWR/R/M/h8COSFrWQnhBUYhoQSFEV3T2ECCqhzYabk0C8:0jluQoSuIo5RQ8DwrGYc434hz35rPJ

Targets

    • Target

      20a045c7fd9a0824088decd13c8e62e2a7a31abb8c8b0db975df44837c773c57

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

      The sandbox captured the unpacked in-memory image once execution reached the original entry point; static analysis should be done on that dump rather than on the packed file on disk.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (for example, exiting on certain locales).

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

      Writes a value under a registry Run key so the sample is launched again at logon (persistence).

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory. That location is normally writable only by administrators, so the sample was running elevated in the sandbox and is staging a component there.

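The hashes in the General section and the static indicators behind several of the signatures above (UPX section names and magic, embedded sandbox VM usernames, geofence and Run key strings, browser profile paths, System32 references) can be reproduced offline with a small triage script. The following is an added example for this page, not the sandbox's own signature logic: the indicator lists are assumptions chosen for illustration, and `build_sample()` constructs a minimal PE stand-in rather than using the 241KB sample itself.

```python
"""Offline static triage: hashes plus the indicator classes the sandbox signatures
report. Added example; indicator lists are illustrative assumptions, not the
sandbox's rule set."""
import hashlib
import re
import struct

# Assumed indicator lists (illustrative; a real triage would use a fuller set).
SANDBOX_USERNAMES = [b"sandbox", b"malware", b"virus", b"john doe", b"currentuser", b"test user"]
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
GEOFENCE_APIS = [b"GetUserGeoID", b"GetLocaleInfoA", b"GetLocaleInfoW", b"GetSystemDefaultLCID"]
RUN_KEY_PATHS = [b"Software\\Microsoft\\Windows\\CurrentVersion\\Run", b"CurrentVersion\\RunOnce"]
BROWSER_PROFILE_RE = re.compile(rb"[A-Za-z]:\\[^\0]*?(?:Login Data|User Data|Cookies|Web Data)")


def digests(data: bytes) -> dict:
    """Same digest set the report lists (SSDEEP omitted: it needs the ssdeep library)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table; [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> dict:
    """UPX leaves its section names and a 'UPX!' marker unless the packer was modified."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n.decode("ascii", "replace") for n in names if n in UPX_SECTION_NAMES],
        "upx_magic": b"UPX!" in data,
    }


def indicator_strings(data: bytes) -> dict:
    lower = data.lower()
    return {
        "sandbox_usernames": [u.decode() for u in SANDBOX_USERNAMES if u in lower],
        "geofence_apis": [a.decode() for a in GEOFENCE_APIS if a in data],
        "run_keys": [k.decode() for k in RUN_KEY_PATHS if k in data],
        "browser_profiles": [m.decode() for m in BROWSER_PROFILE_RE.findall(data)],
        "system32_refs": data.count(b"\\System32\\"),
    }


def triage(data: bytes) -> dict:
    """Combine hashes and indicators, and name the report signatures each one supports."""
    report = {"size": len(data), **digests(data),
              "upx": upx_indicators(data), "strings": indicator_strings(data)}
    s = report["strings"]
    flags = []
    if report["upx"]["upx_sections"] or report["upx"]["upx_magic"]:
        flags.append("UPX packed file")
    if s["sandbox_usernames"]:
        flags.append("Detects executables containing possible sandbox analysis VM usernames")
    if s["geofence_apis"]:
        flags.append("Checks computer location settings")
    if s["run_keys"]:
        flags.append("Adds Run key to start application")
    if s["browser_profiles"]:
        flags.append("Reads user/profile data of web browsers")
    if s["system32_refs"]:
        flags.append("Drops file in System32 directory")
    report["flags"] = flags
    return report


def build_sample() -> bytes:
    """Constructed stand-in for the report's sample: a minimal PE skeleton with
    UPX section names plus the kinds of strings the signatures fire on."""
    header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)      # 2 sections, no optional header
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in (b"UPX0", b"UPX1"))
    payload = b"\0".join([
        b"UPX!",
        b"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
        b"GetUserGeoID",
        b"C:\\Users\\sandbox\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
        b"\\System32\\",
    ])
    return header + b"PE\0\0" + coff + sections + payload


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample()), indent=2))
```

For a real file, replace `build_sample()` with `open(path, "rb").read()` and compare the digest values against the ones listed under General before trusting any other result; a hash mismatch means a different build or a modified file, and string-based indicators on a still-packed UPX binary will mostly miss, which is why the OEP dump is the artifact worth scanning.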