General

  • Target

    20c7ff891dd2101346ff655d5c3d357eb9ee7e25cae29611b41bcf777699a448

  • Size

    97KB

  • Sample

    240611-x7anmsydqk

  • MD5

    0cc1b41982eecb7533bac9d6e4dcc697

  • SHA1

    c3718bb311c5a93d1cce4e36270da40e8ba0d7c4

  • SHA256

    20c7ff891dd2101346ff655d5c3d357eb9ee7e25cae29611b41bcf777699a448

  • SHA512

    7472f1d09d30ebc98f61f4dcdb33c8162e5b264a9b6869fda10b18c83eb95dc0953fdee21abc2b970189ea662c145a228d91359df6d8104454e7929a1bb43256

  • SSDEEP

    3072:IK4RNx6nb4RoIw/XBSeral6oaE0HGnvXuEOrc0p:Il6XYeel6GGGVO

Malware Config

Targets

    • Detects executables containing a base64-encoded User-Agent string

    • UPX dump on OEP (original entry point)

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects files protected with the ACProtect software protector.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks