General

  • Target

    c3d788de8a2eb47fe0fa0b3885a9675dd762c2eeb98a792a7e6528f013d4adf0

  • Size

    260KB

  • Sample

    240420-c1gs6afa8w

  • MD5

    c9132dc8af427cda1ed60e92202cbcb8

  • SHA1

    56dedd44a6c670b51f571c55cf60bff5dd5f05cb

  • SHA256

    c3d788de8a2eb47fe0fa0b3885a9675dd762c2eeb98a792a7e6528f013d4adf0

  • SHA512

    14c0034d1e6dcf83cbbf8e003286bcd95b71dbc2926a4df843f9159f4d1b99bf523718881fc6881fcc2ea126938f5d1855974d6dc5a25ad65fb81d9d8443d13f

  • SSDEEP

    6144:HhJkmMlGAzciA4nhT5ai7Ohk/0BFen/xmO:HhJEQloHOXM4O

Targets

    • Target

      c3d788de8a2eb47fe0fa0b3885a9675dd762c2eeb98a792a7e6528f013d4adf0

    • Detects executables containing base64 encoded User Agent

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1547 Boot or Logon Autostart Execution (1)
  • T1547.001 Registry Run Keys / Startup Folder (1)
  • T1542 Pre-OS Boot (1)
  • T1542.003 Bootkit (1)

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution (1)
  • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1112 Modify Registry (1)
  • T1542 Pre-OS Boot (1)
  • T1542.003 Bootkit (1)

Credential Access

  • T1552 Unsecured Credentials (1)
  • T1552.001 Credentials In Files (1)

Discovery

  • T1012 Query Registry (2)
  • T1120 Peripheral Device Discovery (1)
  • T1082 System Information Discovery (2)

Collection

  • T1005 Data from Local System (1)