General

  • Target

    d207c28a1c1844f285e3f522dd506e858628583fa3ad7686f270d1efc880bd46

  • Size

    256KB

  • Sample

    240509-ey2fwsad4z

  • MD5

    7ff8f28fc0ee3d106150a6c2c993d6b9

  • SHA1

    8a4cb0b9c82dfb8031bd2d41ac34ac543082114a

  • SHA256

    d207c28a1c1844f285e3f522dd506e858628583fa3ad7686f270d1efc880bd46

  • SHA512

    1c29f73f73a2c1cd6d465508506d69552dc18f8fe2b436ade169e2c94b8777bff1af39ae940ba5c033740647c5f60f0071ba2646d4cf91234fed91a2c4b5d059

  • SSDEEP

    6144:iyHJ4wTB5Ia9p+S0dSpTU+h/zquE1j57Lu6Bwc772:ig4wTvoS05kzNEj7Lu6n

Malware Config

Targets

    • Detects executables containing base64 encoded User Agent

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system: the replaced bootstrap code runs before the kernel and its security controls are loaded.
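One host-side check for the MBR write behaviour listed above, as an added example (it is not part of the sandbox report): parse the 512-byte MBR, validate its layout, and compare the 440-byte bootstrap-code region against a known-good digest recorded before infection. The MBR bytes, the partition entry and the baseline digest below are all constructed for the example; a bootkit-style rewrite is simulated by replacing the bootstrap code while leaving the partition table intact, which is why a partition-table-only comparison would miss it.

```python
"""Baseline comparison of the MBR bootstrap code (added example, constructed data)."""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440           # bootstrap code area, offsets 0x000-0x1B7
DISK_SIG_OFF = 0x1B8         # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG_OFF = 0x1FE
BOOT_SIG = b"\x55\xAA"


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into bootstrap code, disk signature and non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"MBR must be {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[BOOT_SIG_OFF:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature at offset 0x1FE")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue                      # empty slot
        partitions.append({"index": i, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "bootcode": mbr[:BOOTCODE_LEN],
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def bootcode_digest(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table is expected to change legitimately."""
    return hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_digest: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    findings = []
    info = parse_mbr(mbr)
    digest = bootcode_digest(mbr)
    if digest != baseline_digest:
        findings.append(f"bootstrap code changed: {digest} != baseline {baseline_digest}")
    if not any(p["status"] == 0x80 for p in info["partitions"]):
        findings.append("no active (bootable) partition")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
    return findings


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed MBR for the example: the given bootstrap code plus one bootable NTFS partition."""
    assert len(bootcode) <= BOOTCODE_LEN
    mbr = bytearray(MBR_SIZE)
    mbr[:len(bootcode)] = bootcode
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)          # made-up disk signature
    # entry 0: bootable (0x80), type 0x07 (NTFS), LBA 2048, 1 GiB of 512-byte sectors
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 2048, 2097152)
    mbr[BOOT_SIG_OFF:] = BOOT_SIG
    return bytes(mbr)


# Constructed "known good" MBR and the baseline digest recorded from it.
CLEAN_MBR = build_sample_mbr(b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 64)
BASELINE = bootcode_digest(CLEAN_MBR)

# Simulated bootkit rewrite: new bootstrap code, partition table untouched so the system still boots.
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + b"\xCC" * 100)

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(mbr, BASELINE) or "OK")
```

On a live Windows host the 512 bytes come from the raw device (`\\.\PhysicalDrive0`, which requires administrator rights to open); the baseline digest should be taken from a clean image of the same machine, since bootstrap code differs between Windows versions and OEM tooling. Comparing only the bootstrap region keeps the check from firing on ordinary partition changes.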

MITRE ATT&CK Enterprise v15

Tasks