General

  • Target

    3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381

  • Size

    408KB

  • Sample

    240407-yxzepadc4y

  • MD5

    7cbaab94c4d6df3b9cd1b38cac9e1912

  • SHA1

    07cae2758735b6b4779b42f1ae859ce3869f5f2d

  • SHA256

    3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381

  • SHA512

    3023ac41fa5c70148817dbe7248cfeec4255407a1c1ee111f26ba627d31d43201e7692829f758929d81ac89c08840ce5ccc43b6bcd82cdf9c5fa4e08d8e85501

  • SSDEEP

    12288:SEQoSeTbVU27ZS8YvIh8MS6gpgvhdfiDA9F:S8bVd7M/MwmvhNimF

Malware Config

Targets

    • Target

      3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381

    • Size

      408KB

    • MD5

      7cbaab94c4d6df3b9cd1b38cac9e1912

    • SHA1

      07cae2758735b6b4779b42f1ae859ce3869f5f2d

    • SHA256

      3a64b7c05b88fa97cbd47c51ce1d2aab0449711449d064ce9734b45aa76a0381

    • SHA512

      3023ac41fa5c70148817dbe7248cfeec4255407a1c1ee111f26ba627d31d43201e7692829f758929d81ac89c08840ce5ccc43b6bcd82cdf9c5fa4e08d8e85501

    • SSDEEP

      12288:SEQoSeTbVU27ZS8YvIh8MS6gpgvhdfiDA9F:S8bVd7M/MwmvhNimF

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks