General

  • Target

    67d17cdf23ddc670b4d923d0f249a9f53e56c44e0da940fac042d610b055b8c6

  • Size

    405KB

  • Sample

    240515-neq1gseg9t

  • MD5

    34c7c3888f62794df4ca70d0aecda91e

  • SHA1

    665d6ef879b1e3cd387185d66981b99008251bd4

  • SHA256

    67d17cdf23ddc670b4d923d0f249a9f53e56c44e0da940fac042d610b055b8c6

  • SHA512

    8d210541e9755640f307b91e1811115595fa80e1a94f6b9bf4c23334a0baed79cefe463e5b4e46d0a50ab6a613e5b4b5c80f8779935f33160123453cdaca9238

  • SSDEEP

    6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4:gtRfJcNYFNm8UhlZGse

Malware Config

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks