General

  • Target

    317cce95078a906f5bc848a30410bf50_NEAS

  • Size

    72KB

  • Sample

    240506-3jhl8sgd6v

  • MD5

    317cce95078a906f5bc848a30410bf50

  • SHA1

    9dc9bd78db184644f754345531389b8e483818c1

  • SHA256

    e6ff124714102698690836083871e91d60957ff4496ef74f79440b9ecf2b4c44

  • SHA512

    39673bfa35cdeed85869ec7b3a8d76fa3b3fa4f9bb37975e910518f11805627d9bdec3559865b6ff6a4bf939d7e93839b263376b08779d43d4faa7a998c78559

  • SSDEEP

    1536:6LxJJlguY/NbvWU2VkWlVvtlqDyKJR40AEEoP:cc/R+U23vtlPR0pv

Targets

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
