General

  • Target

    5033d1df1c982605614f3b8389af39a9c541444a192af4eaa37413f9d1b6042f

  • Size

    2.0MB

  • Sample

    240407-ztp8aaef97

  • MD5

    6f2d8103a3802ac02c2b425b195ecec3

  • SHA1

    7fcbece54a22e7d1f9d5b284d6d7901ad2161ab7

  • SHA256

    5033d1df1c982605614f3b8389af39a9c541444a192af4eaa37413f9d1b6042f

  • SHA512

    e67d4142e625751fc296bdaec1231bdbb50ce8807452092538dd1406c116cba73643f412c20dbbfb11944ba18ab1892c7a02c98264a1d8f433253240018e0af7

  • SSDEEP

    49152:juJWNuGO2kpSOYL43mFnNaKfZSHXH3w97M67v00NMqbzgBNfdV+Pz:jtuGEV3mtH43H3wdM+vlNMYgLd4Pz

Malware Config

Targets

    • Target

      5033d1df1c982605614f3b8389af39a9c541444a192af4eaa37413f9d1b6042f

    • Size

      2.0MB

    • MD5

      6f2d8103a3802ac02c2b425b195ecec3

    • SHA1

      7fcbece54a22e7d1f9d5b284d6d7901ad2161ab7

    • SHA256

      5033d1df1c982605614f3b8389af39a9c541444a192af4eaa37413f9d1b6042f

    • SHA512

      e67d4142e625751fc296bdaec1231bdbb50ce8807452092538dd1406c116cba73643f412c20dbbfb11944ba18ab1892c7a02c98264a1d8f433253240018e0af7

    • SSDEEP

      49152:juJWNuGO2kpSOYL43mFnNaKfZSHXH3w97M67v00NMqbzgBNfdV+Pz:jtuGEV3mtH43H3wdM+vlNMYgLd4Pz

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks