General

  • Target: 10a28a59ce13378e10eb6b2ae7fc294299b52df9220fbc847fcbeff5242d0928
  • Size: 140KB
  • Sample: 240611-xfj31axdjr
  • MD5: 9c78d81685ceaceef65c18a06e19dc73
  • SHA1: e3c36c0469b93ac220a32b95beec9167719853c2
  • SHA256: 10a28a59ce13378e10eb6b2ae7fc294299b52df9220fbc847fcbeff5242d0928
  • SHA512: 6d67d1c4af997c564303abc85886a7e68358cf31b8a4b7a2b059c34884467947ed7faa2c6ba74d9c90c23d22eae1c7cf14c484a5ac46caf0684688fdf9484d87
  • SSDEEP: 1536:03aacznhtqkUla/NGVcJ/gAqcX0JMseuiGSeNVvDi0tMuUJJny3GM+9:taCqc9rqzMseNoVv9EJFnM8

Targets

    • Detects executables containing base64 encoded User Agent
    • UPX dump on OEP (original entry point)
    • Blocklisted process makes network request
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Adds Run key to start application
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.
