General

  • Target

    a4cb8f239fcd1e6e9d6338747088ff104a96ff3059af058c9dc4eb522f05f5c1

  • Size

    1.5MB

  • Sample

    240604-bgwmjagf34

  • MD5

    60f06a70acc709742c6f67a13f1c2a36

  • SHA1

    2af845ca6bff029b58a06d50e6c08161257403f5

  • SHA256

    a4cb8f239fcd1e6e9d6338747088ff104a96ff3059af058c9dc4eb522f05f5c1

  • SHA512

    3851c2a3f025a69d6bcc06a7554c74102397902f609fbc836f35efc223d0eb2968d43d15bde77e7e612610f28ad9c349ec6eaf211d3a8834f6c21bed4c9c8f63

  • SSDEEP

    24576:t2SzDMUShnIHYgWmoFnifzIOfcu+fU0l/K+Pelbus7u+kF2KuOknckI1NAR+78cW:QepS5BDFHOfcbU2L26sjKuOkckIN4+7m

Malware Config

Targets

    • Target

      a4cb8f239fcd1e6e9d6338747088ff104a96ff3059af058c9dc4eb522f05f5c1

    • Size

      1.5MB

    • MD5

      60f06a70acc709742c6f67a13f1c2a36

    • SHA1

      2af845ca6bff029b58a06d50e6c08161257403f5

    • SHA256

      a4cb8f239fcd1e6e9d6338747088ff104a96ff3059af058c9dc4eb522f05f5c1

    • SHA512

      3851c2a3f025a69d6bcc06a7554c74102397902f609fbc836f35efc223d0eb2968d43d15bde77e7e612610f28ad9c349ec6eaf211d3a8834f6c21bed4c9c8f63

    • SSDEEP

      24576:t2SzDMUShnIHYgWmoFnifzIOfcu+fU0l/K+Pelbus7u+kF2KuOknckI1NAR+78cW:QepS5BDFHOfcbU2L26sjKuOkckIN4+7m

    • Detects executables containing possible sandbox analysis VM usernames

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks