General

  • Target

    a775e97fe1c43235e3c356e0b8570e215772bbbd99be7b68742a6aef85a8077d

  • Size

    423KB

  • Sample

    240408-agqkvaah82

  • MD5

    9cc4d64f40eb45b80d3321177a656cbd

  • SHA1

    3fe1654cc3d4dcf10e662d7fab8eba5c9dd9f9ee

  • SHA256

    a775e97fe1c43235e3c356e0b8570e215772bbbd99be7b68742a6aef85a8077d

  • SHA512

    9e2dca1a0372315bbc51e21cfde89ca0faa2a90837e0404689de334fd74a80dbf8822be7d0d6210aee65eb801320dfe23b97a3d8b842335558ccbff07f6c5346

  • SSDEEP

    12288:oGHasii9BhVtuJfneaWVZ8HZElXv68s/lsJLPoa7Nl3:86VuJfn/+M2s/lk7Nl

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15