General

  • Target

    8a52d793bdc5a2fd28610be651b59ae0_NEAS

  • Size

    145KB

  • Sample

    240507-p3mteaba74

  • MD5

    8a52d793bdc5a2fd28610be651b59ae0

  • SHA1

    12c363b1ab0eeee2d97213df85a90c186d7b47f1

  • SHA256

    0284fb3c7a3498dc8adb39a369d78197a4b949c1f85c765ceca6dbdd762d3571

  • SHA512

    ac54697b94baaf0902a44c494f82355b666cff3e88602637cc33709c88cd3e621ee542d712beb68cd326b5217f554b0908212f1dce4869dae5085da0835a1ac8

  • SSDEEP

    1536:+fxvtgixq7OstjzjW6ZdjtETzR77i11GAbRp0BGiEA0O0o:+HIa6KTdNAbzSGiN0OJ
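Before detonating, sharing or blocking on a file believed to be this sample, confirm it really is the file the report describes. The script below is an added example, not part of the report or the sandbox's tooling: it hashes a file once with all four algorithms the report lists and only accepts the file when every digest agrees. The hash values are copied from the report above; the file paths and the demonstration bytes are constructed for illustration.

```python
import hashlib
from pathlib import Path

# Digests exactly as listed in the report above (page data, not constructed).
REPORTED = {
    "md5": "8a52d793bdc5a2fd28610be651b59ae0",
    "sha1": "12c363b1ab0eeee2d97213df85a90c186d7b47f1",
    "sha256": "0284fb3c7a3498dc8adb39a369d78197a4b949c1f85c765ceca6dbdd762d3571",
    "sha512": ("ac54697b94baaf0902a44c494f82355b666cff3e88602637cc33709c88cd3e62"
               "1ee542d712beb68cd326b5217f554b0908212f1dce4869dae5085da0835a1ac8"),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests of an in-memory buffer for every listed algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in a single pass, feeding each chunk to all digests at once
    so large samples are read from disk only one time."""
    digests = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def compare(observed: dict, reported: dict) -> dict:
    """Per-algorithm match table for the algorithms present on both sides."""
    return {
        alg: observed[alg].lower() == reported[alg].lower()
        for alg in ALGORITHMS
        if alg in observed and alg in reported
    }


def is_reported_sample(observed: dict, reported: dict = REPORTED) -> bool:
    """True only when every shared digest agrees.

    A file that agrees on MD5 or SHA1 alone is not the sample: both are
    collision-prone, so a single weak match is treated as a different file.
    """
    results = compare(observed, reported)
    return bool(results) and all(results.values())


if __name__ == "__main__":
    import sys

    # Hypothetical path supplied on the command line (not from the report).
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    if target and target.is_file():
        observed = hash_file(target)
        for alg, ok in compare(observed, REPORTED).items():
            print(f"{alg:7} {'match' if ok else 'MISMATCH'}  {observed[alg]}")
        print("verdict:", "reported sample" if is_reported_sample(observed) else "different file")
    else:
        # Constructed demonstration: a buffer that is plainly not the sample,
        # and a forged record where only the MD5 agrees with the report.
        demo = hash_bytes(b"MZ constructed demo bytes, not the sample")
        forged = dict(demo, md5=REPORTED["md5"])
        print("demo buffer is sample:", is_reported_sample(demo))      # False
        print("MD5-only agreement   :", compare(forged, REPORTED)["md5"])  # True
        print("forged is sample     :", is_reported_sample(forged))    # False
```

Run it as `python check_sample.py <file>`; with no argument it prints the constructed demonstration. The ssdeep value in the report is a fuzzy hash and is deliberately not compared here: a ssdeep score measures similarity, not identity, and needs the `ssdeep` library and its own threshold policy.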

Malware Config

Targets

    • Target

      8a52d793bdc5a2fd28610be651b59ae0_NEAS


    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system, so their code runs before the kernel and any security software are loaded.
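A write to the MBR is one of the few signatures above that leaves a direct, offline-verifiable artifact: the first 512-byte sector of the disk. The code below is an added forensic example, not part of the report or the sandbox's tooling. It parses a sector into its bootstrap code, disk signature and partition table, and diffs a sector captured from a suspect host against a known-good baseline, reporting whether the boot code, the disk signature or the partition layout changed. The two sectors it runs on are constructed in the code for illustration; on a real host the baseline would come from a pre-infection image or a gold build and the current sector from `\\.\PhysicalDrive0` (Windows, as administrator) or `/dev/sda` (Linux, as root).

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440         # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"     # bytes 510..511
PART_FMT = "<B3xB3xII"     # status, CHS start(skipped), type, CHS end(skipped), LBA start, sector count


def is_valid_mbr(sector: bytes) -> bool:
    """Cheap sanity check: correct length and 0x55AA boot signature."""
    return len(sector) == SECTOR_SIZE and sector[510:512] == BOOT_SIG


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector into the fields a bootkit can tamper with."""
    if not is_valid_mbr(sector):
        raise ValueError("not a 512-byte sector with a 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty entry
            continue
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Findings as short strings; an empty list means the sector is unchanged."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        first = next(i for i in range(BOOT_CODE_LEN) if baseline[i] != current[i])
        findings.append(f"boot code modified (first change at offset 0x{first:03x})")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    return findings


def read_first_sector(device_path: str) -> bytes:
    """Read sector 0 from a raw device or disk image (needs elevated rights on a live disk)."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_mbr(boot_code: bytes, partitions=(), disk_sig: int = 0x1234ABCD) -> bytes:
    """Assemble a sector from parts. Constructed test data, not taken from a real disk."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed baseline: a short jump followed by NOP padding, one bootable NTFS (0x07) partition.
BASELINE = build_mbr(b"\xEB\x3C\x90" + b"\x90" * 100, [(True, 0x07, 2048, 1_000_000)])

# Constructed "infected" sector: a CALL patched into the boot code at offset 0x20.
TAMPERED = bytearray(BASELINE)
TAMPERED[0x20:0x24] = b"\xE8\x00\x00\x00"
TAMPERED = bytes(TAMPERED)

# Constructed sector where only the partition table moved (start LBA changed).
RELOCATED = build_mbr(b"\xEB\x3C\x90" + b"\x90" * 100, [(True, 0x07, 4096, 1_000_000)])

if __name__ == "__main__":
    for name, sector in (("tampered", TAMPERED), ("relocated", RELOCATED), ("baseline", BASELINE)):
        print(f"{name:9}:", diff_mbr(BASELINE, sector) or ["no change"])
```

The boot-code hash is the signal that matters for a bootkit; a changed disk signature or partition table on its own is more often a legitimate reinstall or repartition, so treat those findings as context rather than a verdict. Comparing against a baseline rather than a fixed "clean" hash is deliberate: boot code differs between Windows versions and OEM images, so there is no single known-good value.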

MITRE ATT&CK Enterprise v15