General

  • Target

    440ab2d11cfc310d675b34a1f1789405e7dd6b855073e206e436ce9e09ae7f40

  • Size

    1.1MB

  • Sample

    240407-zbv1tadg7s

  • MD5

    b590bee423cfb907ed380d9164f2fb71

  • SHA1

    1df5bb3d3088cf6d74ceebf8cd0bb222df244519

  • SHA256

    440ab2d11cfc310d675b34a1f1789405e7dd6b855073e206e436ce9e09ae7f40

  • SHA512

    07e2b6dbdcc56f33e5ef712d9c7bafad8365fbd084ee7044db4ab0c79fb9b1f2efd5ee94d5e05ad67eec47ae5fe553b17081b76e5465ac92d7a4c5a0d38149bc

  • SSDEEP

    24576:t2W56l0K4A7vy30Zzk0XEvZbiwqHJymKgfKm9S0Xtyl68:QG6q2vykZo0XEZrAeaSKyl68

Malware Config

Targets

    • Target

      440ab2d11cfc310d675b34a1f1789405e7dd6b855073e206e436ce9e09ae7f40

    • Size

      1.1MB

    • MD5

      b590bee423cfb907ed380d9164f2fb71

    • SHA1

      1df5bb3d3088cf6d74ceebf8cd0bb222df244519

    • SHA256

      440ab2d11cfc310d675b34a1f1789405e7dd6b855073e206e436ce9e09ae7f40

    • SHA512

      07e2b6dbdcc56f33e5ef712d9c7bafad8365fbd084ee7044db4ab0c79fb9b1f2efd5ee94d5e05ad67eec47ae5fe553b17081b76e5465ac92d7a4c5a0d38149bc

    • SSDEEP

      24576:t2W56l0K4A7vy30Zzk0XEvZbiwqHJymKgfKm9S0Xtyl68:QG6q2vykZo0XEZrAeaSKyl68

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks