General

  • Target

    67816f75102c74a0d92166a70d137054e2f21bbc756981c93dee046070dd2ffb

  • Size

    863KB

  • Sample

    240530-2syjdacg2z

  • MD5

    0c825a4fe8337960fa17e360aa97559d

  • SHA1

    c3342f9990fad7a8a89c9a473d7e90b400ce204b

  • SHA256

    67816f75102c74a0d92166a70d137054e2f21bbc756981c93dee046070dd2ffb

  • SHA512

    070b8b1072882c9ac245afd9af13296b31ce0a6b52ee8466a6802b7ad71fcfed3d2f35b6536657114c3a29f530938f85e2944a319ca68a50d487bfc599489f1c

  • SSDEEP

    12288:7EQoSaqhHnVu2FI+x5XUPon3CwIy7jeJfzUmzRUgd7frh8N16DrKYkDYi+emijp8:7rHE2FZxpUPonSG7jeVomJrKJDTlxp8

Malware Config

Targets

    • Target

      67816f75102c74a0d92166a70d137054e2f21bbc756981c93dee046070dd2ffb

    • Size

      863KB

    • MD5

      0c825a4fe8337960fa17e360aa97559d

    • SHA1

      c3342f9990fad7a8a89c9a473d7e90b400ce204b

    • SHA256

      67816f75102c74a0d92166a70d137054e2f21bbc756981c93dee046070dd2ffb

    • SHA512

      070b8b1072882c9ac245afd9af13296b31ce0a6b52ee8466a6802b7ad71fcfed3d2f35b6536657114c3a29f530938f85e2944a319ca68a50d487bfc599489f1c

    • SSDEEP

      12288:7EQoSaqhHnVu2FI+x5XUPon3CwIy7jeJfzUmzRUgd7frh8N16DrKYkDYi+emijp8:7rHE2FZxpUPonSG7jeVomJrKJDTlxp8

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks