General

  • Target

    1a5dbff87a15f7eda5d8f6a0466edcd0_NEAS

  • Size

    143KB

  • Sample

    240506-1cq9pafa88

  • MD5

    1a5dbff87a15f7eda5d8f6a0466edcd0

  • SHA1

    99018cec5871cbff3608d77462ed4625e6348e0e

  • SHA256

    a1cc726f33c06a6e4e9179ecb9cdd2fa87be8d27413b1d73a1a1ea5ae1312d57

  • SHA512

    82b622d40c50af54df0d9c0307449aa4ab68f476b9deeca38e4048dc5a0579371836213fa80dcccebaf393ea0461bed50d3d03e5f4a2561aefde01a227e53d20

  • SSDEEP

    1536:03aacznhtqkUla/NGVcJ/gAqcX0JMseuiGSeNVvDi0tMuUJJny3GM+9:taCqc9rqzMseNoVv9EJFnM8

Malware Config

Targets

    • Target

      1a5dbff87a15f7eda5d8f6a0466edcd0_NEAS

    • Size

      143KB

    • MD5

      1a5dbff87a15f7eda5d8f6a0466edcd0

    • SHA1

      99018cec5871cbff3608d77462ed4625e6348e0e

    • SHA256

      a1cc726f33c06a6e4e9179ecb9cdd2fa87be8d27413b1d73a1a1ea5ae1312d57

    • SHA512

      82b622d40c50af54df0d9c0307449aa4ab68f476b9deeca38e4048dc5a0579371836213fa80dcccebaf393ea0461bed50d3d03e5f4a2561aefde01a227e53d20

    • SSDEEP

      1536:03aacznhtqkUla/NGVcJ/gAqcX0JMseuiGSeNVvDi0tMuUJJny3GM+9:taCqc9rqzMseNoVv9EJFnM8

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks