General

  • Target

    4e4d40bbc4ab15788eb3ac7947aab48139067fc60623830bc2767bad203a6880

  • Size

    369KB

  • Sample

    240407-zq4w9sef45

  • MD5

    54b9c2f2ff52f04c2113f6e928ac35e5

  • SHA1

    c655ed356b48267b0d7b5cacf275826e7e09c27d

  • SHA256

    4e4d40bbc4ab15788eb3ac7947aab48139067fc60623830bc2767bad203a6880

  • SHA512

    872cdf5e5502767c53f9e4da275d8780c5d14399bf3a0ab55939707e1405863a274143b36ecd49ab00838560a6eea31f32cd423f69fd58b88cbffb06250b4cfa

  • SSDEEP

    6144:gjluQoS3Io5R+I9XYJo36wtA9mIdSmYsUscOHhOUVh/9nltIcsY3l4+LFBJsOK1M:gEQoShX9XSo3rApSmYs7vvVnLI5IL+dM

Targets

    • Target

      4e4d40bbc4ab15788eb3ac7947aab48139067fc60623830bc2767bad203a6880

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to, or away from, particular countries.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
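The behavioural signatures above are what a sandbox derives from the sample's API trace. As an added example (not part of this report, and not the sandbox's own rule engine), the following maps constructed API-trace events to those signature names: the registry geofence lookup, the Run-key write, reads of non-C: drive roots, opens of well-known browser credential stores, and a write under System32. The trace format (`<pid> <api> <args>`) and every line in `SAMPLE_TRACE` are constructed for illustration and are not events recorded from this sample.

```python
"""Map sandbox API-trace events to the behaviour signatures listed in the report.

Added example, not part of the sandbox report: the trace format ("<pid> <api> <args>")
and every line in SAMPLE_TRACE are constructed for illustration and are not events
recorded from this sample.
"""
import re
from typing import Callable, Dict, List, NamedTuple, Optional


class Rule(NamedTuple):
    name: str                          # signature name as it appears in the report
    api: "re.Pattern[str]"             # matched against the API name
    args: "re.Pattern[str]"            # searched in the argument string
    extra: Optional[Callable[[str], bool]] = None  # optional extra predicate on args


def _non_c_drive_root(args: str) -> bool:
    """True for the root of a drive other than C:, with or without a wildcard (D:\\, E:\\*)."""
    return (re.fullmatch(r"[A-Za-z]:\\(?:\*(?:\.\*)?)?", args) is not None
            and not args.upper().startswith("C:"))


RULES: List[Rule] = [
    # Geofence check: the configured country code lives under this registry path.
    Rule("Checks computer location settings",
         re.compile(r"^RegQueryValueEx[AW]?$"),
         re.compile(r"\\Control Panel\\International\\Geo\\Nation", re.I)),
    # Persistence: a value written under any CurrentVersion\Run key.
    Rule("Adds Run key to start application",
         re.compile(r"^RegSetValueEx[AW]?$"),
         re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    # Drive enumeration: directory listing or open of a non-C: drive root.
    Rule("Enumerates connected drives",
         re.compile(r"^(?:FindFirstFile|CreateFile)[AW]?$"),
         re.compile(r".*"), _non_c_drive_root),
    # Browser profile data: well-known Chromium and Firefox credential/cookie stores.
    Rule("Reads user/profile data of web browsers",
         re.compile(r"^CreateFile[AW]?$"),
         re.compile(r"\\(?:Login Data|Web Data|Cookies|logins\.json|key4\.db|cookies\.sqlite)\b", re.I)),
    # File drop: a CreateFile with write access under %SystemRoot%\System32.
    Rule("Drops file in System32 directory",
         re.compile(r"^CreateFile[AW]?$"),
         re.compile(r"^[A-Za-z]:\\Windows\\System32\\\S+ .*GENERIC_WRITE", re.I)),
]

# Constructed trace lines (not from the sample), one event per line.
SAMPLE_TRACE: List[str] = [
    r"1337 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation",
    r"1337 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater C:\Users\Public\upd.exe",
    r"1337 GetLogicalDrives",
    r"1337 FindFirstFileW D:\*",
    r"1337 FindFirstFileW E:\*",
    r"1337 CreateFileW C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"1337 CreateFileW C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json",
    r"1337 CreateFileW C:\Windows\System32\helper.dll GENERIC_WRITE",
    r"1337 CreateFileW C:\Windows\System32\ntdll.dll GENERIC_READ",
]


def match_signatures(trace: List[str]) -> Dict[str, List[str]]:
    """Return {signature name: [matching trace lines]} for every rule that fired."""
    hits: Dict[str, List[str]] = {}
    for line in trace:
        _pid, api, args = (line.split(" ", 2) + ["", ""])[:3]
        for rule in RULES:
            if not rule.api.match(api) or not rule.args.search(args):
                continue
            if rule.extra is not None and not rule.extra(args):
                continue
            hits.setdefault(rule.name, []).append(line)
    return hits


if __name__ == "__main__":
    for name, lines in match_signatures(SAMPLE_TRACE).items():
        print(f"[+] {name}")
        for event in lines:
            print(f"      {event}")
```

Note that the System32 rule keys on write access: the read of ntdll.dll in the constructed trace does not fire it, which is the distinction between loading a system DLL and dropping a file into the directory. Likewise, `GetLogicalDrives` alone is not counted as drive enumeration; the rule mirrors the report's wording and fires only on an attempt to read a non-C: drive root.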

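The "UPX packed file" signature is a static check rather than a behavioural one. As an added example (not part of this report, and not the sandbox's detection code), the following parses the PE section table and reports UPX's default section names and its "UPX!" marker string. `build_fake_pe()` is a constructed helper that emits a minimal, non-loadable PE32 header so the parser can run offline; it is not derived from the analysed sample.

```python
"""Static check behind the "UPX packed file" signature: read the PE section table
and look for UPX's default section names and its "UPX!" marker.

Added example, not part of the sandbox report. build_fake_pe() constructs a
minimal, non-loadable PE image purely so the parser has something to run on
offline; it is not derived from the analysed sample.
"""
import struct
from typing import List

SECTION_HEADER_SIZE = 40   # sizeof(IMAGE_SECTION_HEADER)
COFF_HEADER_SIZE = 20      # sizeof(IMAGE_FILE_HEADER)


def pe_section_names(data: bytes) -> List[str]:
    """Return the section names from a PE image's section table, in file order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)     # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)        # SizeOfOptionalHeader
    table = coff + COFF_HEADER_SIZE + opt_size
    names = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + 8]                                     # Name[8], NUL-padded
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> List[str]:
    """List the UPX indicators found; empty when none are present."""
    reasons = [f"section name {n}" for n in pe_section_names(data) if n.upper().startswith("UPX")]
    if b"UPX!" in data:                       # marker UPX writes into its own header block
        reasons.append("UPX! marker string")
    return reasons


def is_upx_packed(data: bytes) -> bool:
    return bool(upx_indicators(data))


def build_fake_pe(section_names: List[str]) -> bytes:
    """Constructed minimal PE32 header with the given section names (not loadable)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))                    # e_lfanew: PE header follows DOS header
    opt_size = 224                                                  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                          # Magic: PE32
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + bytes(SECTION_HEADER_SIZE - 8)
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    for names in (["UPX0", "UPX1", ".rsrc"], [".text", ".rdata", ".data", ".rsrc"]):
        image = build_fake_pe(names)
        print(names, "->", upx_indicators(image) or "no UPX indicators")
```

Both indicators are trivially removed by a modified UPX build that renames its sections and strips the marker, which is why the report also records a "UPX dump on OEP": letting the stub unpack in memory and dumping at the original entry point recovers the payload regardless of how the header was disguised.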