General

  • Target

    3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757

  • Size

    128KB

  • Sample

    240407-ytvx4ade83

  • MD5

    8b48fbf5dcefba2a141f43e595111bf7

  • SHA1

    b857b81adb0e77fc40cbc5c2987e4909b211b1bc

  • SHA256

    3785c48f0d4ca3ac00bf9fa651e3dba57198b8591e7d2267d77c6138dc2a1757

  • SHA512

    c95dbcdc560450690e8630d2215f420377c2bdd38b42a86e205c3b31038eb1bdfd955d22d49d60224f8da9979072bc190dfa4540a2a45f29345367bcf757a1c5

  • SSDEEP

    3072:Dvs4dDXEGCLElz1Tj4mYWR/R4nkPR/1aVowVunF58s+vt:bPDLCL4Io5R4nM/4rVmbh+vt

Malware Config

Targets

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
