General
Target: virussign.com_5bc713abe9c2bb6d40a9360666dff0e0.vir
Size: 88KB
Sample: 240602-wx5wcsbe24
MD5: 5bc713abe9c2bb6d40a9360666dff0e0
SHA1: 9e61fd8c44c5e4eb94c34e61ecf413512d82d55a
SHA256: 7fc83dfbbf68c440b48c87c15282e8436666fadc36ef39e8d1cae32c6eaf5bf8
SHA512: deca62b785bf38a2748e8661d53116945d25e4bf26041eb53c9e71d1cbcbe1b391cf21105c76f30df343806da44ae4d44289b3a99f8822fecc3128d6031ba71b
SSDEEP: 1536:1MIPgEm56wnbkKC2ZyBJU066lwLCRVEB+nR/y8cmNrEIviCOzuajkrDl9HNSj:11PgEOng1d66jRVa+n4NmNNouukrD7HI
Static task: static1
Behavioral task: behavioral1
Sample: virussign.com_5bc713abe9c2bb6d40a9360666dff0e0.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: virussign.com_5bc713abe9c2bb6d40a9360666dff0e0.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target
virussign.com_5bc713abe9c2bb6d40a9360666dff0e0.vir
Score: 8/10
- Blocklisted process makes network request
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)