General

  • Target

    3ecf02c0639f09f304d3b761898e3e7470252ce175c0a1d364b208c36ef415d4

  • Size

    88KB

  • Sample

    240611-zyrlxa1gqm

  • MD5

    7362ac68888eafadb55406efef9aa15c

  • SHA1

    d242fc3bbe5c6091405f9e568a32b25b999d8267

  • SHA256

    3ecf02c0639f09f304d3b761898e3e7470252ce175c0a1d364b208c36ef415d4

  • SHA512

    d076ed2fbb37b78f29d5b76f860ed9909264cef022e82397cdcaaf080a7847d577081272183e907543608881422d3f1bf9345f6182b4ecf72a3b2eddf7be80f0

  • SSDEEP

    1536:1MIPgEm56wnbkKC2ZyBJU066lwLCRVEB+nR/y8cmNrEIviCOzuajkrDl9HNSjE:11PgEOng1d66jRVa+n4NmNNouukrD7HD

Malware Config

Targets

    • Detects executables containing base64 encoded User Agent

    • UPX dump on OEP (original entry point)

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account data.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
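
The "UPX packed file" and "base64 encoded User Agent" signatures above are static checks that can be reproduced offline. The script below is an added example, not part of the sandbox report and not the sandbox's own detection code: it parses the PE section table to look for UPX-style section names, measures byte entropy, and decodes base64 runs to find an embedded User-Agent string. The function names (build_fake_pe, triage, find_base64_user_agents) and the SAMPLE blob are constructed for this example; SAMPLE is a minimal fake PE, not the file described by the hashes above.

```python
import base64
import binascii
import math
import re
import struct

# Constructed stand-in for a sample: a minimal PE-like blob with UPX section
# names, a base64-encoded User-Agent and a high-entropy tail. Not the real file.
_USER_AGENT = b"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"


def build_fake_pe(section_names, payload: bytes) -> bytes:
    """Assemble just enough of a PE32 image for the header parser below."""
    e_lfanew = 0x80
    dos_header = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    size_of_optional = 0xE0  # PE32 optional header size
    # "PE\0\0", Machine=I386, NumberOfSections, three unused dwords,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE)
    coff = struct.pack("<IHHIIIHH", 0x00004550, 0x14C, len(section_names), 0, 0, 0, size_of_optional, 0x0102)
    optional = b"\x0B\x01" + b"\x00" * (size_of_optional - 2)  # Magic=PE32, rest zeroed
    sections = b"".join(name.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32 for name in section_names)
    return dos_header + coff + optional + sections + payload


def pe_section_names(data: bytes) -> list:
    """Walk the COFF section table and return the 8-byte section names."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_of_optional = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_of_optional  # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        names.append(raw.rstrip(b"\x00").decode("ascii", errors="replace"))
    return names


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


_B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
_UA_MARK = re.compile(rb"Mozilla/\d")


def find_base64_user_agents(data: bytes) -> list:
    """Decode every plausible base64 run and keep those containing a User-Agent."""
    hits = []
    for m in _B64_RUN.finditer(data):
        token = m.group()
        token = token[: len(token) - len(token) % 4]  # drop a ragged tail
        try:
            decoded = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue
        if _UA_MARK.search(decoded):
            hits.append(decoded.decode("ascii", errors="replace"))
    return hits


def triage(data: bytes) -> dict:
    """Static checks mirroring the UPX and base64-User-Agent signatures."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "entropy": round(shannon_entropy(data), 2),
        "base64_user_agents": find_base64_user_agents(data),
    }


SAMPLE = build_fake_pe(
    ["UPX0", "UPX1", ".rsrc"],
    b"\x00" * 16 + base64.b64encode(_USER_AGENT) + b"\x00" * 16 + bytes(range(256)) * 4,
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On a real file, replace SAMPLE with `open(path, "rb").read()`. Section names alone are weak evidence (a modified UPX build can rename them), so pair the name check with per-section entropy and an import table that has collapsed to a handful of entries; the entropy here is computed over the whole blob for brevity.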

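The "Writes to the Master Boot Record" signature is the one a responder most needs to verify on disk. The following is an added example, not from the sandbox report: it parses a 512-byte MBR sector (boot code, disk signature, partition table, 0x55AA boot signature) and diffs the boot-code region against a known-good baseline to report whether and where a bootkit-style write landed. The helper names (build_mbr, parse_mbr, compare_boot_code) and the BASELINE_MBR / TAMPERED_MBR sectors are constructed for this example; the "boot code" bytes are a stand-in, not a real loader.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot loader code
DISK_SIG_OFF = 440       # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA


def build_mbr(boot_code: bytes, partitions, disk_sig=0x1234ABCD) -> bytes:
    """Lay out a sector from its parts (used to construct the samples below)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (ptype, lba_start, count) in enumerate(partitions[:4]):
        # status, CHS start (3), type, CHS end (3), LBA start, sector count
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + i * 16,
                         0x80 if i == 0 else 0x00, b"\x00" * 3, ptype, b"\x00" * 3, lba_start, count)
    struct.pack_into("<H", sector, BOOT_SIG_OFF, 0xAA55)  # little-endian -> 55 AA on disk
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Decode the fixed MBR layout; raises on anything that is not one sector."""
    if len(sector) != SECTOR:
        raise ValueError("expected one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = struct.unpack_from("<B3sB3sII", sector, PART_TABLE_OFF + i * 16)
        if ptype != 0:  # type 0 means the slot is empty
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
    }


def compare_boot_code(baseline: bytes, current: bytes) -> dict:
    """Diff the boot-code region against a known-good copy and flag partition-table edits."""
    a, b = baseline[:BOOT_CODE_LEN], current[:BOOT_CODE_LEN]
    changed = [i for i in range(BOOT_CODE_LEN) if a[i] != b[i]]
    return {
        "changed": bool(changed),
        "first_changed_offset": changed[0] if changed else None,
        "changed_bytes": len(changed),
        "partition_table_changed": baseline[PART_TABLE_OFF:BOOT_SIG_OFF] != current[PART_TABLE_OFF:BOOT_SIG_OFF],
    }


# Constructed samples. The "clean" boot code is a placeholder byte pattern.
_CLEAN_BOOT = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 100
BASELINE_MBR = build_mbr(_CLEAN_BOOT, [(0x07, 2048, 204800)])
# Simulated bootkit write: the first 16 bytes of boot code replaced with a stub.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + b"\xCC" * 14 + _CLEAN_BOOT[16:], [(0x07, 2048, 204800)])
BAD_SIG_MBR = BASELINE_MBR[:BOOT_SIG_OFF] + b"\x00\x00"

if __name__ == "__main__":
    print(parse_mbr(BASELINE_MBR))
    print(compare_boot_code(BASELINE_MBR, TAMPERED_MBR))
```

In a live investigation the `current` sector is the first 512 bytes read from the raw disk device (for example `\\.\PhysicalDrive0` on Windows or `/dev/sda` on Linux, both requiring administrator or root rights), and the baseline is the same read taken from a clean install or a forensic image; a changed boot-code hash with an unchanged partition table is the pattern to expect from the MBR-writing behaviour listed above.
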
MITRE ATT&CK Enterprise v15

Tasks