General

  • Target

    46c901060bc62c80c868b63c15607460ac2e06466ebacfed6f7861b29f7252f5

  • Size

    1.7MB

  • Sample

    240407-zetbdsec67

  • MD5

    28f34ee8dc831c74e2181d2ebd8c5eba

  • SHA1

    2c1fb43ee4ead41ae836d08930d10f8337f982cb

  • SHA256

    46c901060bc62c80c868b63c15607460ac2e06466ebacfed6f7861b29f7252f5

  • SHA512

    7a6813e00b2c4d8a2dea9be683f5850765468c04c3724f1ecc3d63db16310ce3806f8d57d27219767131c594000eb739b1b6b99d9187f2e02c526fb585f1b743

  • SSDEEP

    49152:j5mMBQ2WWTDEGdkiQm/jJJechrSC15pTKqOIw2hS8NU:j5mMbWWvQwPZhrv5Kx8g8O

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15