General

  • Target

    4c848eb4c34b72f6dec353653daf10a3a9f2555e4c88c16e02ced0fa2928a499

  • Size

    251KB

  • Sample

    240407-zns2zseb7w

  • MD5

    eb1310d9c20a39f835ce3edc504c300f

  • SHA1

    689aa02f1fa41a005f368f93cc86ed8f690a8ed2

  • SHA256

    4c848eb4c34b72f6dec353653daf10a3a9f2555e4c88c16e02ced0fa2928a499

  • SHA512

    226d8fa242b8ed3c9e69947b710d2da7cbbc6770ea484fecb2fffe0a11159ba8bb43ca99cf573cd554e73f3742f7cee51185f48c5c90e34217e8cb7bf7de252b

  • SSDEEP

    6144:VjluQoSv4DSIo5R4nM/40yQfwV8Y/bsjY5jgoNGqHkoO8s1z4viCJnj:VEQoSfqMFY/5dgoQqH0ux

Malware Config

Targets

    • Target

      4c848eb4c34b72f6dec353653daf10a3a9f2555e4c88c16e02ced0fa2928a499

    • Size

      251KB

    • MD5

      eb1310d9c20a39f835ce3edc504c300f

    • SHA1

      689aa02f1fa41a005f368f93cc86ed8f690a8ed2

    • SHA256

      4c848eb4c34b72f6dec353653daf10a3a9f2555e4c88c16e02ced0fa2928a499

    • SHA512

      226d8fa242b8ed3c9e69947b710d2da7cbbc6770ea484fecb2fffe0a11159ba8bb43ca99cf573cd554e73f3742f7cee51185f48c5c90e34217e8cb7bf7de252b

    • SSDEEP

      6144:VjluQoSv4DSIo5R4nM/40yQfwV8Y/bsjY5jgoNGqHkoO8s1z4viCJnj:VEQoSfqMFY/5dgoQqH0ux

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks