General

  • Target

    33b85c107eaa0b827d8d86ecc1634a4638243e2ee9817746517e30fcd8a6be81

  • Size

    171KB

  • Sample

    240407-ypf85sdd54

  • MD5

    430465c4ab9d7ad100dea53703ecfb93

  • SHA1

    c48dabd4dcf30e371f264d74d6c9edd512ec4603

  • SHA256

    33b85c107eaa0b827d8d86ecc1634a4638243e2ee9817746517e30fcd8a6be81

  • SHA512

    f5bea2af23bb3b1eed0a6493443101afadc8b1a30d24d31afd2b2f8bd8bcd052433528c7539610acc127e07fd1b917b371700b2676f6d569c00eb989ca885eb5

  • SSDEEP

    3072:sCx969mf1oCBEyUmY8Hb6smCDpDjL0dbKKHwYLWekmRaMBQoVqy8j2GEctsMYDCh:sCzn9BVUmFH5hpDiqY/LHVl8yhxJgV

Malware Config

Targets

    • Detects executables containing base64 encoded User Agent

      A User-Agent string is stored in the binary base64-encoded rather than in clear text, a cheap way to keep it out of a plain strings dump and away from clear-text signatures.

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers commonly target the browser profile directories, which hold saved credentials, cookies and session tokens, and autofill data.

    • Adds Run key to start application

      A registry Run key launches the program at every logon, a common and easily audited persistence technique.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits overwrite the MBR boot code so that their code runs before the operating system loads, giving them persistence below the OS and its security tooling.
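The "base64 encoded User Agent" signature above is worth understanding, because a base64-encoded string cannot be found with a plain substring search: the encoding of a needle depends on its byte offset modulo 3 in the plaintext. The scanner below is an added example, not code from the sandbox or from the sample's author; it generates the three alignment variants of each needle (the same idea as YARA's `base64` modifier), scans a buffer for base64 runs containing one of them, and decodes the hit. The needles, the 16-character run threshold and the `build_sample()` buffer are assumptions and constructed test data, not the real sample.

```python
import base64
import re

# Plain-text needles whose base64 forms we want to spot inside a binary (assumed).
NEEDLES = [b"User-Agent", b"Mozilla/"]

# Maximal runs of base64 alphabet characters; 16+ chars filters out short
# identifiers that happen to be valid base64.
_B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def base64_variants(needle: bytes) -> list[bytes]:
    """Return the three substrings a needle can produce in base64 output.

    Base64 works on 3-byte groups, so the encoding of a needle depends on its
    offset modulo 3 within the plaintext. Encoding it behind 0, 1 and 2 pad
    bytes and trimming the characters that also depend on neighbouring bytes
    yields substrings that match regardless of the surrounding data.
    """
    variants = []
    for k in range(3):
        enc = base64.b64encode(b"\x00" * k + needle).rstrip(b"=")
        lead = (0, 2, 3)[k]                        # chars tainted by the pad bytes
        tail = 1 if (k + len(needle)) % 3 else 0   # char tainted by end padding
        variants.append(enc[lead:len(enc) - tail])
    return variants


def _decode_lenient(blob: bytes) -> bytes:
    """Decode a base64 run regardless of how (or whether) it was padded."""
    blob = blob.rstrip(b"=")
    if len(blob) % 4 == 1:          # impossible base64 length: drop the stray char
        blob = blob[:-1]
    return base64.b64decode(blob + b"=" * (-len(blob) % 4))


def find_base64_user_agents(data: bytes) -> list[dict]:
    """Return one record per base64 run in `data` that encodes a needle."""
    hits = []
    for run in _B64_RUN.finditer(data):
        blob = run.group()
        needle = next((n for n in NEEDLES
                       if any(v in blob for v in base64_variants(n))), None)
        if needle is not None:
            hits.append({"offset": run.start(), "needle": needle,
                         "decoded": _decode_lenient(blob)})
    return hits


def build_sample() -> bytes:
    """Constructed stand-in for a scanned executable (not the real sample):
    a fake header plus the UA string base64-encoded at three offsets mod 3."""
    ua = b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
    parts = [b"MZ\x90\x00" + bytes(range(32))]
    for prefix in (b"", b"X", b"XY"):            # shifts the needle's alignment
        parts.append(base64.b64encode(prefix + ua))
        parts.append(b"\x00" * 8)                # non-base64 bytes end the run
    return b"".join(parts)


if __name__ == "__main__":
    for hit in find_base64_user_agents(build_sample()):
        print(f"0x{hit['offset']:06x} {hit['needle'].decode()!r:14} -> {hit['decoded']!r}")
```

Run against a real file with `find_base64_user_agents(open(path, "rb").read())`. The variant trimming is what makes the check robust: a naive `base64.b64encode(b"User-Agent") in data` only catches the needle when it happens to sit at an offset divisible by 3.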
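The MBR write signature is the one a responder should verify directly rather than trust from a single sandbox run, because the boot code region of sector 0 is small and easy to baseline. The checker below is an added example, not code from the sandbox or from the sample: it splits a 512-byte MBR into boot code, disk signature, partition table and boot signature, hashes the boot code, and reports what differs between a known-good image and a fresh read. The two boot-code stubs and the `build_mbr()` image are constructed for the demo; `read_mbr()` is the only part that touches a real disk.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_END = 440       # bytes 0..439: bootstrap code, the part a bootkit replaces
DISK_SIG_OFF = 440        # 4-byte Windows disk signature + 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"    # bytes 510..511

# Constructed boot-code stubs for the demo (not taken from the sample): a
# stock-looking prologue (cli; xor ax,ax; mov ss,ax; mov sp,0x7C00) and a
# stand-in for code a bootkit has written over it.
CLEAN_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C"
HOOKED_BOOT_CODE = b"\xEB\xFE" + b"BOOTKIT-STUB"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into its regions and hash the boot code."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:                           # type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": sector[510:512] == BOOT_SIG,
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def diff_mbr(baseline: bytes, current: bytes) -> list[str]:
    """Compare a known-good MBR image against a fresh read of sector 0."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("boot code modified (bootkit indicator)")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    if not c["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    return findings


def build_mbr(boot_code: bytes, disk_sig: int = 0x1234ABCD) -> bytes:
    """Constructed MBR image: boot code, disk signature, one bootable NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    ntfs = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    table = ntfs + b"\x00" * 48                  # three unused entries
    return code + struct.pack("<IH", disk_sig, 0) + table + BOOT_SIG


def read_mbr(device: str) -> bytes:
    r"""Read sector 0 of a raw device, e.g. r"\\.\PhysicalDrive0" on Windows
    (needs administrator) or "/dev/sda" on Linux (needs root)."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


if __name__ == "__main__":
    baseline = build_mbr(CLEAN_BOOT_CODE)
    print("clean vs clean: ", diff_mbr(baseline, baseline))
    print("clean vs hooked:", diff_mbr(baseline, build_mbr(HOOKED_BOOT_CODE)))
```

In practice the baseline is a sector-0 image taken from a gold build (or the `boot_code_sha256` recorded in an asset inventory), and the comparison runs from a clean boot environment, since a live bootkit can filter reads of the sector it hooked.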

MITRE ATT&CK Enterprise v15

Tasks