General

  • Target: 13cec0a6601cf956799df2a43c3c062251b08301b9004e8443a92fa276be417b
  • Size: 180KB
  • Sample: 240508-x8zn6abe9s
  • MD5: 997697da19a2ee6cc0b7a993bd687c05
  • SHA1: fe97e14e61496600dc7d836ba99691dd6d7a5ee6
  • SHA256: 13cec0a6601cf956799df2a43c3c062251b08301b9004e8443a92fa276be417b
  • SHA512: c42562c647179ddcfa152ea6b3472748805d06ea277cdd4336a6bf6ff4ef711e34f9ab886801ae704f8153e40e83a9f62bc7787a4a4d1eae9154770546470ea2
  • SSDEEP: 3072:FuOFvvJwfNJxrt0YVDXz+uUsI2E9yRdl6PNEh2aOUQS7bhfNH6i:FfvvJa5t0ez+u9I6SV+ySfhf

Targets

    • Detects executables containing base64 encoded User Agent

    • UPX dump on OEP (original entry point)

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
