General

  • Target

    64009500f37feba9f465a025f5050842699f7ca815f9fc258ee9ff63481f6dd9

  • Size

    2.1MB

  • Sample

    240601-16kzrsge41

  • MD5

    0aad2883962b2efc868d379a00285589

  • SHA1

    328b66ade60a9d91104ec79d7b76b60733b12dcd

  • SHA256

    64009500f37feba9f465a025f5050842699f7ca815f9fc258ee9ff63481f6dd9

  • SHA512

    d04dd74a81888920c7318f919cd921d831039bc41f39b4f27039fb190bc9f93ca4ab974a3849b9d3d3530b67576046833bc72cd9bcaed62a2d589f5e83db457a

  • SSDEEP

    49152:BemgNSdeuqaTDA9XjlHuBO8L2wM8wke/6SxBimDRLg/MQNCmi:/goYTYmRHuBO9w/eSSSaRiMQxi

Malware Config

Targets

    • Target

      64009500f37feba9f465a025f5050842699f7ca815f9fc258ee9ff63481f6dd9

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

      An unpacked memory image was captured when execution reached the original entry point, i.e. after the UPX stub finished decompressing the real code.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence to decide whether to run based on the victim's locale.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other sensitive profile contents.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it. The packed file on disk does not contain the real code in the clear; static analysis should be done on the unpacked image.

    • Adds Run key to start application

      Persistence via a Windows Run registry key, so the program is launched again at logon.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
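
Before working with a sample from a report like this one, a practitioner normally checks that the file in hand is the one described and whether the UPX indicator is present before attempting to unpack it. The following script is an added example (not code from the report or from the sandbox vendor) that computes the hashes listed in the General section above and compares them to the report values, and parses the PE section table to look for UPX section names or the "UPX!" marker. The PE built by build_fake_pe is a constructed, non-executable header used only to exercise the parser; the function names are this example's own.

```python
import hashlib
import struct

# Hash values copied from the report's "General" section.
REPORT_HASHES = {
    "md5": "0aad2883962b2efc868d379a00285589",
    "sha1": "328b66ade60a9d91104ec79d7b76b60733b12dcd",
    "sha256": "64009500f37feba9f465a025f5050842699f7ca815f9fc258ee9ff63481f6dd9",
    "sha512": "d04dd74a81888920c7318f919cd921d831039bc41f39b4f27039fb190bc9f93c"
              "a4ab974a3849b9d3d3530b67576046833bc72cd9bcaed62a2d589f5e83db457a",
}


def compute_hashes(data: bytes) -> dict:
    """Compute every digest the report lists (ssdeep is omitted: it needs a third-party library)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: bool} telling which report hashes the given bytes reproduce."""
    got = compute_hashes(data)
    return {name: got[name] == expected[name].lower() for name in expected}


def pe_section_names(data: bytes) -> list:
    """Parse the PE section table and return the section names; [] if this is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    # IMAGE_FILE_HEADER follows the 4-byte signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20; the section table starts right after the optional header.
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    size_opt = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + size_opt
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]  # IMAGE_SECTION_HEADER is 40 bytes, Name is 8
        if len(raw) < 8:
            break  # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """UPX heuristic: UPX0/UPX1/... section names, or the 'UPX!' tag the packer writes into the header."""
    if any(name.startswith("UPX") for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Build a minimal PE-shaped byte string for testing. Constructed, not a real binary, and not runnable."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    size_opt = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * size_opt + sections


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("hash match:", matches_report(blob))
    print("sections:", pe_section_names(blob))
    print("upx packed:", is_upx_packed(blob))
```

Run it as `python check_sample.py <file>` to compare a local file against the report; with no argument it runs on the constructed header. A match on all four hashes means the file is byte-for-byte the reported sample; the UPX check is only a heuristic, since a modified packer can rename sections and strip the marker, which is why the dump at the original entry point is the more reliable artifact to analyse.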

MITRE ATT&CK Enterprise v15