General

  • Target

    58c51c85a3d7288b060c311ca61edbf0_NEAS

  • Size

    320KB

  • Sample

    240507-nje4sadg8t

  • MD5

    58c51c85a3d7288b060c311ca61edbf0

  • SHA1

    8750188ca824aa1569894322c24e09c56917321e

  • SHA256

    73895287a5a8a15df2792b0ba73f1cb7b17afc6a19c009892d4fe1058a6b2e6d

  • SHA512

    4f330f330c3ed8b6bb3290384ebc0e22515c5e1336b816f5474ba7ef41e9986d8690aa4d01a0bc7ce000315d0a86527b1efb90728f7f4a7abefcd9a4fab3b823

  • SSDEEP

    6144:7tatPE5TxP8ev1zQBgexOdw6rpI9FsAC9:oPwTt8Cl+zGp64

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15