General
-
Target
c3d788de8a2eb47fe0fa0b3885a9675dd762c2eeb98a792a7e6528f013d4adf0
-
Size
260KB
-
Sample
240420-c1gs6afa8w
-
MD5
c9132dc8af427cda1ed60e92202cbcb8
-
SHA1
56dedd44a6c670b51f571c55cf60bff5dd5f05cb
-
SHA256
c3d788de8a2eb47fe0fa0b3885a9675dd762c2eeb98a792a7e6528f013d4adf0
-
SHA512
14c0034d1e6dcf83cbbf8e003286bcd95b71dbc2926a4df843f9159f4d1b99bf523718881fc6881fcc2ea126938f5d1855974d6dc5a25ad65fb81d9d8443d13f
-
SSDEEP
6144:HhJkmMlGAzciA4nhT5ai7Ohk/0BFen/xmO:HhJEQloHOXM4O
Malware Config
Targets
-
-
Target
c3d788de8a2eb47fe0fa0b3885a9675dd762c2eeb98a792a7e6528f013d4adf0
-
Size
260KB
-
MD5
c9132dc8af427cda1ed60e92202cbcb8
-
SHA1
56dedd44a6c670b51f571c55cf60bff5dd5f05cb
-
SHA256
c3d788de8a2eb47fe0fa0b3885a9675dd762c2eeb98a792a7e6528f013d4adf0
-
SHA512
14c0034d1e6dcf83cbbf8e003286bcd95b71dbc2926a4df843f9159f4d1b99bf523718881fc6881fcc2ea126938f5d1855974d6dc5a25ad65fb81d9d8443d13f
-
SSDEEP
6144:HhJkmMlGAzciA4nhT5ai7Ohk/0BFen/xmO:HhJEQloHOXM4O
Score9/10-
Detects executables containing base64 encoded User Agent
-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1