General

  • Target

    47310a735e0de0edfbfccfe1c5ef2770_NEAS

  • Size

    128KB

  • Sample

    240507-by65lafd75

  • MD5

    47310a735e0de0edfbfccfe1c5ef2770

  • SHA1

    49279cfe15a1e69bd34b774081661589e26ce60f

  • SHA256

    6bc54f644e46c6fedb705661b4940d89ac3210dcaa37cb4c796a13d708ca207c

  • SHA512

    1975c16c632f1335f815c6688eed89a31020412566e689fe356161813e6c3e9a129e1b33c4fe5564c0e9dd6a9895eaa559c76a6f023ca7c4c39fdd78cc074755

  • SSDEEP

    3072:pE+8OKVuMxgMLQ813qgy0ExYhnMzJkt0lDMKPU:18NcMxdLQ81amJMF7eKs

Malware Config

Targets

    • Target

      47310a735e0de0edfbfccfe1c5ef2770_NEAS

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive profile contents.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks