General

  • Target

    4e4b5556360ef607b8eb773c5ef26869ec3fc8aad4be38b25618465c4ed82357

  • Size

    218KB

  • Sample

    240407-zqxg7aef43

  • MD5

    3bb821ca6311c169fbe6be4735f59a64

  • SHA1

    d61ed432715f1e2dab76ba37cda6d71665d8b78a

  • SHA256

    4e4b5556360ef607b8eb773c5ef26869ec3fc8aad4be38b25618465c4ed82357

  • SHA512

    3762eb6b3e32e586f745ce8f5245ca39049c36cf0e8a13d59160fb0be72b35fbfda9661850d66cab0b3a9ba657e8cda6059041c0b659cca91ed76e3d671149c1

  • SSDEEP

    6144:oGHGRpO9p1om9+xs3NBBOt33dLBYtt8mOi/:oGHasii9BUt33dLBqt8mx

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
