General

  • Target

    8bdf4d8fa85844b818b7896bf7c15780_NEAS

  • Size

    196KB

  • Sample

    240507-p47j7sbb47

  • MD5

    8bdf4d8fa85844b818b7896bf7c15780

  • SHA1

    f009feae399985e1a171ec8699e18a8e5dfe7da0

  • SHA256

    024cca47181790dbb641e0c2ce0ef8eb255bb5a84f15e077506be39e457432e7

  • SHA512

    c52eb461d1fd972f03b9ddc09075b94dc7e4b701c7a8162bfb1884e661f27c7c4156964f0e9def0b3359c3c683a05b93494cf0d9bcec26d885eaf378776c3e96

  • SSDEEP

    3072:a74MyJjjlLzVjN50BdQqlYgp72xzbuawaGO0OJw8KWs6IgVLE7QkfIA:awj30dlZ+GVaRVLE7QkfI

Malware Config

Targets

    • Target

      8bdf4d8fa85844b818b7896bf7c15780_NEAS

    • Size

      196KB

    • MD5

      8bdf4d8fa85844b818b7896bf7c15780

    • SHA1

      f009feae399985e1a171ec8699e18a8e5dfe7da0

    • SHA256

      024cca47181790dbb641e0c2ce0ef8eb255bb5a84f15e077506be39e457432e7

    • SHA512

      c52eb461d1fd972f03b9ddc09075b94dc7e4b701c7a8162bfb1884e661f27c7c4156964f0e9def0b3359c3c683a05b93494cf0d9bcec26d885eaf378776c3e96

    • SSDEEP

      3072:a74MyJjjlLzVjN50BdQqlYgp72xzbuawaGO0OJw8KWs6IgVLE7QkfIA:awj30dlZ+GVaRVLE7QkfI

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks