General

  • Target

    35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4

  • Size

    251KB

  • Sample

    240407-yr6ltada9s

  • MD5

    58379969ac6a06d9572f01e761416cbd

  • SHA1

    7b08d45b48d3a5ea717b1ef7a95577a8bfde418a

  • SHA256

    35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4

  • SHA512

    465ca268632e3e94717c27f7b0f3ad4f376a039cee94d413ba8aa87fd3802def19a1ad44094ed36a2ff3866bb2e12f44b342a4a75d527db590ba0855e8990ea4

  • SSDEEP

    6144:tjluQoSDIo5R4nM/40yJNcinBAnGreE3gwxfEp33zPt6hE9E/0Ims:tEQoS9qhFeG6E323zY2mcIms

Malware Config

Targets

    • Target

      35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4

    • Size

      251KB

    • MD5

      58379969ac6a06d9572f01e761416cbd

    • SHA1

      7b08d45b48d3a5ea717b1ef7a95577a8bfde418a

    • SHA256

      35eb35c4822773fa317363cd871ef43512096361694ab8b676c3285757facee4

    • SHA512

      465ca268632e3e94717c27f7b0f3ad4f376a039cee94d413ba8aa87fd3802def19a1ad44094ed36a2ff3866bb2e12f44b342a4a75d527db590ba0855e8990ea4

    • SSDEEP

      6144:tjluQoSDIo5R4nM/40yJNcinBAnGreE3gwxfEp33zPt6hE9E/0Ims:tEQoS9qhFeG6E323zY2mcIms

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks