General

  • Target

    63c536d29ff0b8a3e700e23539780459656bfd5f380b9d8b96b3fa6a6ec5d55a

  • Size

    405KB

  • Sample

    240509-dss2wsad83

  • MD5

    8847706c7b585ae2d124a0dffea1b858

  • SHA1

    f983b9409a8341846eb5b84801ed65eb70671b03

  • SHA256

    63c536d29ff0b8a3e700e23539780459656bfd5f380b9d8b96b3fa6a6ec5d55a

  • SHA512

    6ee7937f99b263bfabc02131b3972693fc1d4ddce92d67f846e39f219ea7a168f8875bd04eb3ae16844d4ffadd280a5f86854160551ba3a67c199a60e5fca9b6

  • SSDEEP

    6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4U:gtRfJcNYFNm8UhlZGseU

Malware Config

Targets

    • Target

      63c536d29ff0b8a3e700e23539780459656bfd5f380b9d8b96b3fa6a6ec5d55a

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks