General

  • Target

    a88666968d9eeadd3b1c3e75a4dee7fc5fc32ba278815611d11553688d109756

  • Size

    161KB

  • Sample

    240408-ahz6nsba29

  • MD5

    be4c287a466e4b1c02d35b486db4e14a

  • SHA1

    b08dfd06aa4fd8968932b6a01296fc88da2cbd06

  • SHA256

    a88666968d9eeadd3b1c3e75a4dee7fc5fc32ba278815611d11553688d109756

  • SHA512

    24936a1c5df11295104137afd775de3cc7e629d70295c2596edde339fbabee4de298899c91649425533d978707167ab12f64e2ee2c301da2f628f356a2f68819

  • SSDEEP

    3072:cGjbLl/gvQoutY1Tj4mYWR/R4nkPR/1aVuyJN0N1wiPId917pgq8bDtAwK2ooaub:xjluQoSqIo5R4nM/40yJN0/wiA97gRtP

Malware Config

Targets

    • Target

      a88666968d9eeadd3b1c3e75a4dee7fc5fc32ba278815611d11553688d109756

    • Size

      161KB

    • MD5

      be4c287a466e4b1c02d35b486db4e14a

    • SHA1

      b08dfd06aa4fd8968932b6a01296fc88da2cbd06

    • SHA256

      a88666968d9eeadd3b1c3e75a4dee7fc5fc32ba278815611d11553688d109756

    • SHA512

      24936a1c5df11295104137afd775de3cc7e629d70295c2596edde339fbabee4de298899c91649425533d978707167ab12f64e2ee2c301da2f628f356a2f68819

    • SSDEEP

      3072:cGjbLl/gvQoutY1Tj4mYWR/R4nkPR/1aVuyJN0N1wiPId917pgq8bDtAwK2ooaub:xjluQoSqIo5R4nM/40yJN0/wiA97gRtP

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks