General

  • Target

    a629e956d051919bb37d4de30f8a3f64544d54b4e1089e8eef777dd728325b9c

  • Size

    120KB

  • Sample

    240408-affdgsah27

  • MD5

    a0fb92fd1cf34c313de4a15a6f8d5c90

  • SHA1

    55f8f3aae0cef5c139816da976c5c6c5c7cf12fe

  • SHA256

    a629e956d051919bb37d4de30f8a3f64544d54b4e1089e8eef777dd728325b9c

  • SHA512

    ea60ef98fd48acc4dc5e4b335ad4ec4dc576d631f287a532e4cbde8bc8c0aa959b91558d6fd86d80b7dec15a18465ea2c9e30790c86275424e148d211dfae900

  • SSDEEP

    3072:gOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPh:gIs9OKofHfHTXQLzgvnzHPowYbvrjD/E

Malware Config

Targets

    • Target

      a629e956d051919bb37d4de30f8a3f64544d54b4e1089e8eef777dd728325b9c

    • Size

      120KB

    • MD5

      a0fb92fd1cf34c313de4a15a6f8d5c90

    • SHA1

      55f8f3aae0cef5c139816da976c5c6c5c7cf12fe

    • SHA256

      a629e956d051919bb37d4de30f8a3f64544d54b4e1089e8eef777dd728325b9c

    • SHA512

      ea60ef98fd48acc4dc5e4b335ad4ec4dc576d631f287a532e4cbde8bc8c0aa959b91558d6fd86d80b7dec15a18465ea2c9e30790c86275424e148d211dfae900

    • SSDEEP

      3072:gOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPh:gIs9OKofHfHTXQLzgvnzHPowYbvrjD/E

    • UPX dump on OEP (original entry point)

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks