General

  • Target

    39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126

  • Size

    248KB

  • Sample

    240407-yxrd3sdc4t

  • MD5

    1753e870c7555e5a183036511a9625ba

  • SHA1

    0f79bfbc5a06dda56bf5311e51e9b7f5e8b05793

  • SHA256

    39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126

  • SHA512

    7fb5731542d58d73eec81aa1719107bdb3bf96a0f36c023b65edcfa01ccb717e05b714ff5bea03fed54759010129a71d2e380fad716ce0ff360d2444a7e06103

  • SSDEEP

    6144:aDOxZXrSHXUTsqQ33gjWHGP9a5yaZDAUaPT2:lXa8sqUgjlNaZDFYT2

Malware Config

Targets

    • Target

      39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126

    • Size

      248KB

    • MD5

      1753e870c7555e5a183036511a9625ba

    • SHA1

      0f79bfbc5a06dda56bf5311e51e9b7f5e8b05793

    • SHA256

      39fea18ace0dd1bbb2c3be98d493cb9a55c43f9dd74ff0d34399a56a2f126126

    • SHA512

      7fb5731542d58d73eec81aa1719107bdb3bf96a0f36c023b65edcfa01ccb717e05b714ff5bea03fed54759010129a71d2e380fad716ce0ff360d2444a7e06103

    • SSDEEP

      6144:aDOxZXrSHXUTsqQ33gjWHGP9a5yaZDAUaPT2:lXa8sqUgjlNaZDFYT2

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks