General

  • Target

    2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f

  • Size

    88KB

  • Sample

    240407-yjllnsdb84

  • MD5

    315f46da55066392ff0a1af5d10f7e41

  • SHA1

    c05309d3d203724556bf79a765922f49b12607e3

  • SHA256

    2ec939c19a80906c0da6e47528e6bd8b74fe5e0da9c75a1de01883a686284e0f

  • SHA512

    a78987b29dc16b9a9c8ff58d520ebaf0ad904624275d46726c64069a95dbaf6edb24be511832594f3676c5d1686f0e12f0220f24db62e43d76c25f76f0df529c

  • SSDEEP

    1536:dFJz/vArEqF8F1DXE2HCIkjDL6jlT/V1Ayj4m/QWR/Rlq88vlnRqPR/1aViYzbS:dvs4dDXEGCLElJ1Tj4mYWR/R4nkPR/1X

Targets

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
