General

  • Target

    0261d6eeeb92f6782b02cf6475cd91d0_NEAS

  • Size

    153KB

  • Sample

    240506-x33tmaae24

  • MD5

    0261d6eeeb92f6782b02cf6475cd91d0

  • SHA1

    17919c89efbbf7ef5904a09ef96a105d4ec794bf

  • SHA256

    f9f7618143f6737b27cde9e9f13ab2d822f23c21633903671566ba89fc5fdfe1

  • SHA512

    821984bcc61beda8dd89bd02591cd4a306da81d99f7006559fa018d66bf9a8d0a3d53ce910f71bf848bb1564ae2463f85ecd5723bc1fcf790e89fa7441eddc4e

  • SSDEEP

    3072:oZpYg19EeiLLmjempGuCYooEK1JWaCItULG3rt2Wcora4dIM:OPjEl6jLiQ1JW+Oy3p/D

Targets

    • Target

      0261d6eeeb92f6782b02cf6475cd91d0_NEAS

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
