General

  • Target

    34585f65085d615e9bafb3bd8329732261a0ce2dc1a2c9d10dc778ead363804b

  • Size

    406KB

  • Sample

    240611-kfr3ds1dqr

  • MD5

    a136192cb56a2681c3c793af4c71c3f4

  • SHA1

    2875c4a9ef7cf0d8446efa4663d6e4fa68588ca5

  • SHA256

    34585f65085d615e9bafb3bd8329732261a0ce2dc1a2c9d10dc778ead363804b

  • SHA512

    876c47916232c8c81ac0c19e41c4334e80b11d399af02a5c4465e11d2ac6a5f9f35b7dcea4b340f279e01956fbd08820e1f7223c04d10b0f99593d8703be88c6

  • SSDEEP

    6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4:gtRfJcNYFNm8UhlZGse

Malware Config

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks