General

  • Target

    29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae

  • Size

    1.1MB

  • Sample

    240407-yccp7ach58

  • MD5

    c0a17426219b6b74662e7668300f1869

  • SHA1

    9db8f9d4516e674edf88de0ee2b8f8c3578d662e

  • SHA256

    29949187e0b05a4327ae2c65d2214eff1ca2ff2e9adf22be38d721fe98f106ae

  • SHA512

    8f2b0ebceb307048a1a0e8cf43ad9edb51acb947771899add854ab9393ca461384a74a2840cfefb8d152ad850e409c1e3d6cd9fce9269612bcc6081eb064572e

  • SSDEEP

    24576:bHq4rhlwEJlJLGqIZTIBw5op6MlDVhIHIU6g8yD1xkBzZD1C7a:jq4//N57dpZ7irE2GBNma

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

      The unpacked image was dumped from memory once execution reached the OEP.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Adds Run key to start application

      Registers itself under a Run registry key so that it is launched again at user logon (persistence).

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

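The signatures above are what the sandbox fired on dynamically. The following Python script is an added example, not part of the report and not the sandbox's own rule code: it reproduces three of the checks statically on a local copy of the sample, verifying the file's digests against the ones the report lists, walking the PE section table to spot UPX packing (stock UPX names its sections UPX0/UPX1), and scanning for the kind of analysis-VM usernames the username signature looks for. The username list and the minimal PE builder used for the demo input are assumptions constructed here; the report does not publish the exact strings its rule matches.

```python
import hashlib
import struct

# Assumed list of usernames commonly used on analysis VMs; the report does not
# publish the exact list its signature matches, so this is a constructed stand-in.
SANDBOX_USERNAMES = [b"sandbox", b"malware", b"virus", b"maltest",
                     b"test user", b"john doe", b"currentuser"]


def file_hashes(data: bytes) -> dict:
    """Digests in the algorithms the report lists (SSDEEP needs a separate library)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table and return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    size_opt = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + size_opt                              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40:table + i * 40 + 8]           # Name field, 8 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1/UPX2; modified builds often keep the prefix."""
    return any(name.upper().startswith("UPX") for name in pe_section_names(data))


def find_sandbox_usernames(data: bytes) -> list:
    """Case-insensitive search for the usernames as ASCII and as UTF-16LE strings."""
    lowered = data.lower()  # bytes.lower() only touches ASCII, so UTF-16LE text still matches
    hits = set()
    for name in SANDBOX_USERNAMES:
        if name in lowered or name.decode().encode("utf-16-le") in lowered:
            hits.add(name.decode())
    return sorted(hits)


def triage(data: bytes, expected_sha256: str = None) -> dict:
    """Static checks to run on a sample before detonating it."""
    hashes = file_hashes(data)
    return {
        "hashes": hashes,
        "hash_match": None if expected_sha256 is None
        else hashes["sha256"] == expected_sha256.lower(),
        "sections": pe_section_names(data),
        "upx_packed": looks_upx_packed(data),
        "sandbox_usernames": find_sandbox_usernames(data),
    }


def build_demo_pe(section_names, payload: bytes = b"") -> bytes:
    """Constructed minimal PE image for the demo: not loadable, just enough header
    structure for the parser above (MZ stub, PE signature, COFF header, empty
    optional header, one 40-byte section header per name, then the payload)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                        for n in section_names)
    return dos + b"PE\0\0" + coff + sections + payload


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Usage: python triage.py <sample> [expected-sha256]
        with open(sys.argv[1], "rb") as f:
            data = f.read()
        expected = sys.argv[2] if len(sys.argv) > 2 else None
    else:
        # No sample given: run on the constructed demo image instead.
        data = build_demo_pe(["UPX0", "UPX1", ".rsrc"],
                             b"\0Sandbox\0" + "MalTest".encode("utf-16-le"))
        expected = None
    print(triage(data, expected))
```

Run it with the sample path and the SHA256 from the report as arguments; a hash mismatch means you are not looking at the file the report describes, and the UPX check is only a hint, since a packer that renames its sections will pass it while the sandbox's OEP dump would still catch it.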
MITRE ATT&CK Enterprise v15