General

  • Target

    312d5ef92abc37a60cf7dc6a8b2158a36a015b0188c0f4536e424a3e349c7e82

  • Size

    151KB

  • Sample

    240407-ymd11adc82

  • MD5

    5f164635a93001451055a6591034493c

  • SHA1

    0cd1db80d86f7c358818b986880b5b83aff0c8d5

  • SHA256

    312d5ef92abc37a60cf7dc6a8b2158a36a015b0188c0f4536e424a3e349c7e82

  • SHA512

    04fa66c7a428f59f365e1746708e76074a2e3f98a303b4d0e6150008334f026a3b98407171b7295c54a4f04d4c9cc3b8903df06cd215711dc8077b431021a359

  • SSDEEP

    3072:Dvs4dDXEGCLElz1Tj4mYWR/R4nkPR/1aVc7EVKBWMKQSj/AaAuGt4:bPDLCL4Io5R4nM/4OYovVHbC

Malware Config

Targets

    • Target

      312d5ef92abc37a60cf7dc6a8b2158a36a015b0188c0f4536e424a3e349c7e82

    • Size

      151KB

    • MD5

      5f164635a93001451055a6591034493c

    • SHA1

      0cd1db80d86f7c358818b986880b5b83aff0c8d5

    • SHA256

      312d5ef92abc37a60cf7dc6a8b2158a36a015b0188c0f4536e424a3e349c7e82

    • SHA512

      04fa66c7a428f59f365e1746708e76074a2e3f98a303b4d0e6150008334f026a3b98407171b7295c54a4f04d4c9cc3b8903df06cd215711dc8077b431021a359

    • SSDEEP

      3072:Dvs4dDXEGCLElz1Tj4mYWR/R4nkPR/1aVc7EVKBWMKQSj/AaAuGt4:bPDLCL4Io5R4nM/4OYovVHbC

    • UPX dump on OEP (original entry point)

      The sandbox let the UPX stub finish decompressing and dumped the process image at the original entry point, so the unpacked code is available for static analysis.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence to avoid running in certain regions.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the executable is relaunched at every user logon (persistence).

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive, typically to locate additional volumes to search.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory, where it blends in with legitimate system files.

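The remaining signatures are behavioural: a registry lookup of the configured country, reads of browser profile files, a Run-key write, drive enumeration and a file drop in System32. As an added example that is not part of the report, this Python script expresses those five signatures as rules over an API-monitor style trace and attributes the hits per process. The one-JSON-object-per-line trace format, its field names and the sample lines are constructed for illustration (real sandbox and EDR schemas differ, and Sysmon in particular does not record registry reads, so the country-code lookup needs an API-level source); the path patterns are assumptions drawn from the default Windows, Chrome and Firefox profile layouts.

```python
"""Behaviour-signature triage over an API-monitor style trace.

Added example; not the sandbox's detector. Trace format, field names and
SAMPLE_TRACE are constructed; path patterns are assumptions.
"""
import json
import re
from collections import defaultdict
from typing import Dict, List, Set

# signature -> (event types it applies to, pattern searched in the path)
RULES = {
    "Adds Run key to start application": (
        {"reg_set"},
        re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
    ),
    "Checks computer location settings": (
        {"reg_query"},
        re.compile(r"\\Control Panel\\International\\(Geo\\Nation|Locale)$", re.I),
    ),
    "Reads user/profile data of web browsers": (
        {"file_read"},
        re.compile(
            r"\\AppData\\Local\\Google\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
            r"|\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
            re.I,
        ),
    ),
    "Enumerates connected drives": (
        {"file_query"},
        re.compile(r"^[ABD-Z]:\\$", re.I),  # any drive root except the default C:
    ),
    "Drops file in System32 directory": (
        {"file_create"},
        re.compile(r"^C:\\Windows\\System32\\", re.I),
    ),
}


def triage(trace_lines: List[str]) -> Dict[int, Dict[str, List[str]]]:
    """Return {pid: {signature: sorted unique paths that triggered it}}."""
    hits: Dict[int, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
    for line in trace_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for sig, (events, pattern) in RULES.items():
            if ev["event"] in events and pattern.search(ev["path"]):
                hits[ev["pid"]][sig].add(ev["path"])
    return {pid: {sig: sorted(paths) for sig, paths in sigs.items()}
            for pid, sigs in hits.items()}


# Constructed trace: pid 4120 behaves like the report's sample, pid 860 is benign noise.
SAMPLE_TRACE = r"""
{"pid": 4120, "event": "reg_query", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 4120, "event": "reg_query", "path": "HKCU\\Control Panel\\International\\Locale"}
{"pid": 4120, "event": "file_query", "path": "C:\\"}
{"pid": 4120, "event": "file_query", "path": "D:\\"}
{"pid": 4120, "event": "file_query", "path": "E:\\"}
{"pid": 4120, "event": "file_read", "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 4120, "event": "file_read", "path": "C:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1y2z3.default-release\\logins.json"}
{"pid": 4120, "event": "file_create", "path": "C:\\Windows\\System32\\helper.dat"}
{"pid": 4120, "event": "reg_set", "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"}
{"pid": 860, "event": "file_read", "path": "C:\\Users\\victim\\Documents\\notes.txt"}
{"pid": 860, "event": "reg_set", "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"}
""".splitlines()

if __name__ == "__main__":
    for pid, sigs in triage(SAMPLE_TRACE).items():
        print(f"pid {pid}:")
        for sig, paths in sigs.items():
            print(f"  {sig}: {paths}")
```

Each rule is scoped to an event type on purpose: a Run-key read by Explorer is routine, a Run-key write by a freshly dropped binary is not, and collapsing the two into a path match alone is the usual source of noise in this kind of rule.
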
MITRE ATT&CK Enterprise v15

Tasks