General

  • Target

    c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523

  • Size

    97KB

  • Sample

    240408-bkcc3acc2y

  • MD5

    a0b8480421a2c149c11a756a8c76fea2

  • SHA1

    1ee91fac289918038df2d2d49c4d6a59c0388c85

  • SHA256

    c3ada878db15fb6772d6fd023c0b35cfba0daad556e6b91617ec7ca1a1787523

  • SHA512

    986892b83ba0d611b65a6b2f00843f35b8f865b61a665c193654ffaccff4791d52fdac24af83953fc33b2dbe5178bd45766db5461ef011d16dbb2ca3f1226525

  • SSDEEP

    1536:0rRVCaKgzbLc54hukfgvYnouy8vZKYcxsq:0ljbLl/gvQoutgYcxsq

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
