General

  • Target

    a3d7788e92fbc67f22a16dadb2108faf4e4c37d9abf223e0761bdb1266e1d314

  • Size

    289KB

  • Sample

    240408-adfw8sae91

  • MD5

    c550e42921b33b92f02419993e205704

  • SHA1

    8f7cada372f7801d3fd616b9a75bf66cf9f108ae

  • SHA256

    a3d7788e92fbc67f22a16dadb2108faf4e4c37d9abf223e0761bdb1266e1d314

  • SHA512

    2fe8cc6824b8e13cc0730a0eae74ab412b50f4392c6547b0f893fd7414c27527c9ad0361908740ab126b26e3b358ef9f01a5a9e3d0e5615b11146f46b4533eeb

  • SSDEEP

    6144:VjluQoSv4DSIo5R4nM/40ypSsSy84K/iK+cohDq3cSxSwFQFTn78FWJ2g0LdWn:VEQoSfqosSh4K/iq33c8gnwFW10Ld0

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive items.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
