General

  • Target

    a9b04f3e0a561d842e1567e1b18ff6738409f73f71f36229b5f32267c1354688

  • Size

    333KB

  • Sample

    240408-ajt12sah2z

  • MD5

    7cfd8c016556d720366fbdd34c575450

  • SHA1

    744c3d93ece5bc16961ac645ae1540b00f78a9d1

  • SHA256

    a9b04f3e0a561d842e1567e1b18ff6738409f73f71f36229b5f32267c1354688

  • SHA512

    476b9439726c4df34d9ccd45173288fd11ae7550c19abf84c1521cd1d8b19131427158c99420b54fb31d9f2a9bae6f7ddd042466e875a12f04bc26bb920d0905

  • SSDEEP

    6144:oGHGRpO9p1om9+xs3NBBkzxq3mtW99NZ/Bm++jqH4FqmS11sacTiRAtUbDhguD+F:oGHasii9BKzxqyY9NZQ+SFw118TiCt8i

Malware Config

Targets

    • Target

      a9b04f3e0a561d842e1567e1b18ff6738409f73f71f36229b5f32267c1354688

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence so the sample does not run in certain countries.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies, and autofill entries.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive, typically to find additional files to collect.

    • Drops file in System32 directory
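
The first signature above, "Detects executables containing possible sandbox analysis VM usernames", is a static string check: the binary carries the names of user accounts that analysis VMs are often provisioned with and compares them against the logged-in user. The script below is an added example, not part of this sandbox report or of the sample, showing the kind of check such a signature performs. It scans a file for a list of analysis-VM usernames in both ASCII and UTF-16LE (the encoding Windows PE files usually use for wide string literals, which a plain ASCII grep misses). The username list and the sample bytes are constructed for illustration; the report does not state which names its signature matches.

```python
import re
import sys
from pathlib import Path

# Illustrative list of usernames analysis VMs are often provisioned with.
# Assumption: the report does not say which names its signature matches,
# so this list is constructed for the example, not taken from the page.
SANDBOX_USERNAMES = [
    "sandbox", "malware", "virus", "analyst", "vmware",
    "virtualbox", "john doe", "test user", "maltest",
]


def _build_patterns():
    """Compile one case-insensitive bytes regex per username and encoding.

    Windows PE files usually store string literals compared against the
    current username as UTF-16LE, so a plain ASCII grep misses them.
    """
    patterns = []
    for name in SANDBOX_USERNAMES:
        for enc in ("ascii", "utf-16le"):
            needle = re.escape(name.encode(enc))
            patterns.append((name, enc, re.compile(needle, re.IGNORECASE)))
    return patterns


_PATTERNS = _build_patterns()


def find_sandbox_usernames(data: bytes):
    """Return (username, encoding, offset) for every hit, sorted by offset.

    Substring matching is a triage heuristic: a hit means the name occurs
    in the file, not that the binary necessarily compares it to the
    logged-in user, so confirm in a disassembler before relying on it.
    """
    hits = []
    for name, enc, pattern in _PATTERNS:
        for match in pattern.finditer(data):
            hits.append((name, enc, match.start()))
    return sorted(hits, key=lambda hit: hit[2])


def scan_file(path):
    """Scan a file on disk; the real sample is not included with this example."""
    return find_sandbox_usernames(Path(path).read_bytes())


# Constructed sample bytes (not from the real binary): an ASCII profile path
# containing "malware" and a UTF-16LE "SANDBOX" comparison string.
CONSTRUCTED_SAMPLE = (
    b"\x00" * 16
    + b"C:\\Users\\malware\\AppData\\Local\\"
    + b"\x90" * 8
    + "SANDBOX".encode("utf-16le")
    + b"\x00" * 16
)


if __name__ == "__main__":
    # Pass a file path to scan a real binary; otherwise the constructed bytes are used.
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else CONSTRUCTED_SAMPLE
    for name, enc, offset in find_sandbox_usernames(data):
        print(f"0x{offset:08x}  {enc:<8}  {name}")
```

Run it against a sample with `python scan.py sample.bin`; on the constructed bytes it reports the ASCII "malware" at offset 25 and the UTF-16LE "SANDBOX" at offset 55. Treat hits as a prompt for further analysis rather than a verdict: legitimate software can contain these words, and a sample can defeat the check by building the strings at runtime.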

MITRE ATT&CK Enterprise v15

Tasks