General

  • Target

    4ebabf882222318dec9aa949c4a468b0828c1ad31e9177b05504bcf89be4ab4b

  • Size

    1.1MB

  • Sample

    240407-zrtspaec6v

  • MD5

    96685ba2970acc1fb84e35f3a964216b

  • SHA1

    987918a32ded6d9bace186b662db5a1860d14bc9

  • SHA256

    4ebabf882222318dec9aa949c4a468b0828c1ad31e9177b05504bcf89be4ab4b

  • SHA512

    bd7927965bbb60b0bd7584a2eed5980c937fa5e0a8d538fd822cd8157feaedb7f509ca582c99f84259b1b02617d6daea1ad14857c3d45e269cf3e9ffc088c27a

  • SSDEEP

    24576:A8wsvmP9dlC4Ket6IR/ngmmL6qmIyXSAH5MLS6/zbIS+XI:A3dU4KTIJgmnIyX3MLz/zblx

Malware Config

Targets

    • Target

      4ebabf882222318dec9aa949c4a468b0828c1ad31e9177b05504bcf89be4ab4b

    • Size

      1.1MB

    • MD5

      96685ba2970acc1fb84e35f3a964216b

    • SHA1

      987918a32ded6d9bace186b662db5a1860d14bc9

    • SHA256

      4ebabf882222318dec9aa949c4a468b0828c1ad31e9177b05504bcf89be4ab4b

    • SHA512

      bd7927965bbb60b0bd7584a2eed5980c937fa5e0a8d538fd822cd8157feaedb7f509ca582c99f84259b1b02617d6daea1ad14857c3d45e269cf3e9ffc088c27a

    • SSDEEP

      24576:A8wsvmP9dlC4Ket6IR/ngmmL6qmIyXSAH5MLS6/zbIS+XI:A3dU4KTIJgmnIyX3MLz/zblx

    • Detects executables containing strings that match usernames commonly used on sandbox analysis VMs (a sandbox-evasion indicator)

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (declining to run in certain regions).

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

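As an added example (not part of this report, and not the sandbox's own signature logic), the following stdlib-only Python script implements two of the static checks behind the signatures above: the UPX-packing heuristic (UPX* section names, plus the UPX0/UPX1 layout in which the first section has no data on disk and the entry point sits in a later section) and a hash check that confirms a file on disk is this report's Target before any analysis starts. The two PE images it parses are constructed inside the script and are not the sample's bytes; their section layouts and the indicator rules are assumptions chosen to illustrate the technique.

```python
"""Static triage helpers for a sample like the one in this report (added example).

Stdlib only: parses the PE section table, applies two UPX indicators (UPX*
section names, and the UPX0/UPX1 layout where the first section has no raw
data and the entry point lies in a later section), and verifies a file's
SHA256 against the report's Target hash.
"""
import hashlib
import hmac
import struct

# SHA256 from the report's Target field above.
REPORT_SHA256 = "4ebabf882222318dec9aa949c4a468b0828c1ad31e9177b05504bcf89be4ab4b"

SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
SECTION_SIZE = struct.calcsize(SECTION_FMT)


def parse_pe(data: bytes) -> dict:
    """Return the entry-point RVA and section headers of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    table = opt + opt_size
    sections = []
    for i in range(num_sections):
        fields = struct.unpack_from(SECTION_FMT, data, table + i * SECTION_SIZE)
        name, vsize, vaddr, raw_size, raw_ptr = fields[:5]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": raw_size, "raw_ptr": raw_ptr,
        })
    return {"entry_rva": entry_rva, "sections": sections}


def section_index_of(pe: dict, rva: int) -> int:
    """Index of the section whose virtual range contains rva, or -1."""
    for i, s in enumerate(pe["sections"]):
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + span:
            return i
    return -1


def upx_indicators(pe: dict) -> list:
    """Reasons to believe the image is UPX-packed (empty list = none found)."""
    reasons = []
    secs = pe["sections"]
    if any(s["name"].startswith("UPX") for s in secs):
        reasons.append("section named UPX*")
    entry_idx = section_index_of(pe, pe["entry_rva"])
    # Classic UPX layout: UPX0 is reserved for the unpacked image (no raw data),
    # the stub and compressed payload live in UPX1, and the entry point is there.
    if len(secs) >= 2 and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0 and entry_idx > 0:
        reasons.append("first section empty on disk, entry point in a later section")
    return reasons


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 hex digests, the same fields the report header lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Constant-time check that the bytes hash to the expected SHA256."""
    return hmac.compare_digest(hashes(data)["sha256"], expected_hex.lower())


def build_min_pe(sections, entry_rva: int) -> bytes:
    """Constructed test input: a header-only PE32 image with the given section table."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", 64)          # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    opt[:2] = struct.pack("<H", 0x10B)              # PE32 magic
    opt[16:20] = struct.pack("<I", entry_rva)
    table = b"".join(struct.pack(SECTION_FMT, n.encode().ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, ch)
                     for n, vs, va, rs, rp, ch in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Constructed samples (not the report's bytes): a UPX-style layout and a plain one.
UPX_LIKE = build_min_pe([("UPX0", 0x10000, 0x1000, 0, 0x400, 0xE0000080),
                         ("UPX1", 0x8000, 0x11000, 0x7000, 0x400, 0xE0000040),
                         (".rsrc", 0x1000, 0x19000, 0x1000, 0x7400, 0x40000040)], 0x18000)
PLAIN = build_min_pe([(".text", 0x2000, 0x1000, 0x2000, 0x400, 0x60000020),
                      (".data", 0x1000, 0x3000, 0x200, 0x2400, 0xC0000040)], 0x1500)

if __name__ == "__main__":
    for label, blob in (("upx-like", UPX_LIKE), ("plain", PLAIN)):
        pe = parse_pe(blob)
        print(label, [s["name"] for s in pe["sections"]], upx_indicators(pe),
              "matches report target:", verify_sha256(blob, REPORT_SHA256))
```

To run it against the real sample, read the file with `open(path, "rb").read()`, call `verify_sha256` with `REPORT_SHA256` first, and only then look at `upx_indicators(parse_pe(data))`. Note that a modified UPX build can rename the sections, which is why the layout check is kept separate from the name check.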
MITRE ATT&CK Enterprise v15

Tasks