General

  • Target

    39e8455d21447e32141dc064eb7504c6925f823bf6d9c8ce004d44cb8facc80b

  • Size

    1.3MB

  • Sample

    240410-mghw8afd21

  • MD5

    ee3895f50bbc6316a746c239afc47e71

  • SHA1

    4aaf0acb7891fe06868ea442f55e5913961117d7

  • SHA256

    39e8455d21447e32141dc064eb7504c6925f823bf6d9c8ce004d44cb8facc80b

  • SHA512

    0a6e1fc864aa8b013c8a2585053ad7bf095226f4bc9966dd3605aac068df3fd9c409932c5e0b78f19dc64842f25b47339b1137b2fa83031f263a2be89e44f7a8

  • SSDEEP

    12288:uduBqfIBpUXjWMzp7E9Yy+PIPx2TQ1RABd89XBJm3QXNOZJxRYE601YldgcMeAoG:uEkQB4h7E6r5Q7AaJBo3QXerYfdgBD

Targets

    • OutSteel

      OutSteel is a file uploader and document stealer written in AutoIT.

    • OutSteel batch script

      Detects the batch script dropped by OutSteel.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
