General

  • Target

    3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc

  • Size

    1.4MB

  • Sample

    240407-yzdwrsdg27

  • MD5

    174daa247aefc52d66f535735e1f3426

  • SHA1

    09f4b3f3fb972a89dc66af59ef84f4e3584c6e00

  • SHA256

    3b327da35f60060150653b401ecb0cead43c1845daa0597939f060979bee83cc

  • SHA512

    b9ad7ba6f0eb0a4f4bf2fe693dcf26bf75e4ab78f386d0e51931d57b946e4c916273772c0882b6398359275564c1964d79ef09d4dab2b4f67bbda7d51830136f

  • SSDEEP

    24576:bHXsaqaoi0NP91nBvdVhe3lehBaaSwOwgi4EiDeo8y+MfmcxP+:j8anCP9lBbhee7owtiqo8QmKP+

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks