General

  • Target

    ee537a5335c4658517c66e234cf2d6f4098e02668b2a1d4d09bd953effaf719b

  • Size

    607KB

  • Sample

    240613-rytghashma

  • MD5

    9008c84652393c40f4634c0f8801742b

  • SHA1

    8c27b45703ee04320816e86cfa0d0fe898cf3c83

  • SHA256

    ee537a5335c4658517c66e234cf2d6f4098e02668b2a1d4d09bd953effaf719b

  • SHA512

    45beab259ef777ab2449f9b7c9f4f436e3a50c680cc46f087ce3892f1eab93f476a8132efa26f2e7ab7a07cfa5612bc78e72ba9b851316e717690d1a65428188

  • SSDEEP

    12288:Z0iWYLzFzOYnRZdY/fkxBT0rCuhLgrQ7aHvl2v2P6rfPemUbHl0mgTSnlH8:Z0ibLz94cfCVGrQ7aH9KpbUbl0TMp8

Malware Config

Targets

    • Target

      ????.html

    • Size

      410B

    • MD5

      7bb7ae902ffeb8c37fe00b88fe68c1e7

    • SHA1

      c839f12d71b57aafbdbd7bca481e9438e8801579

    • SHA256

      8d518dfe520c4464fe9fd28724ae8d9700ab0a6e5a648f9be8a85a526b095c87

    • SHA512

      46ccd91f2d826b19b272c1440b5f8ef7c96261e0ed8cc40d064a0ddc547400e8c35831280999ab37fb7df2a525c8c88d1d5f3e36161b0b633249c7f226b66803

    • Score

      1/10

    • Target

      u????????_???U??????3.0???????@186_6840.exe

    • Size

      633KB

    • MD5

      c767e45296e7e58761b9ad9393b19b71

    • SHA1

      9d9cefe8d27f2aed338f32c642fd0ead0b67f863

    • SHA256

      a27b060565a1bf76cc99b552984ba74faad13d226a6b4b4797e01c67f19c0560

    • SHA512

      54e9a2418bc520adc9386183e56da80df765cdc560186b54b49b287339235bc1a4a716dbce4b6982a1cd9f86d2127d6a0ce955374e13d1fc4ee5267349b0ebf2

    • SSDEEP

      12288:GVvVUdCuZxPKqRGQHPynJBsU+6K08Q3lqZ/AtivlPtCyE174rkd8:GV9sPKqcnKIVCzdPAyEdd8

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and browsing history.

    • UPX packed file

      Detects executables packed with the open-source UPX packer, including modified UPX builds.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system, so that their code runs before the OS loads.
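The "UPX packed file" signature above is a detection; the following is an added example of how such a check works, written for this page and not taken from the sandbox report or from the UPX project. It parses the PE section table with the standard library only and looks for the UPX layout (an empty-on-disk first section, a writable and executable first section, the entry point in the last code section) as well as the obvious `UPX0`/`UPX1` names and `UPX!` marker, so a build with renamed sections is still flagged. The two PE images are constructed in memory (headers only); the actual sample is not included.

```python
"""Heuristic check for UPX (or renamed/modified UPX) packing of a PE file.

Added example using only the standard library; it is not code from the
sandbox report or from the UPX project. The two PE images below are
constructed in memory (headers only) so the check runs without the sample.
"""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Return (AddressOfEntryPoint, [section dicts]) from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt_off = e_lfanew + 24
    # AddressOfEntryPoint sits at optional-header offset 16 for PE32 and PE32+
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]
    sections, off = [], opt_off + size_opt
    for _ in range(num_sections):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, off)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "vaddr": vaddr, "rsize": rsize,
                         "rptr": rptr, "chars": chars})
        off += 40
    return entry, sections


def upx_indicators(data):
    """List the UPX-style packing indicators present (empty list = none)."""
    entry, secs = parse_pe(data)
    hits = []
    if any(s["name"].startswith("UPX") for s in secs):
        hits.append("section named UPX*")
    if b"UPX!" in data:
        hits.append("UPX! magic string")
    if secs:
        first = secs[0]
        # UPX0 is the unpack target: nothing on disk, large virtual size, RWX.
        # A build with renamed sections keeps this layout, so it is still caught.
        if first["rsize"] == 0 and first["vsize"] >= 0x1000:
            hits.append("first section empty on disk")
        if first["chars"] & IMAGE_SCN_MEM_WRITE and first["chars"] & IMAGE_SCN_MEM_EXECUTE:
            hits.append("first section writable and executable")
        # The decompression stub lives in the last executable section, so the
        # entry point points there rather than into section 0.
        code = [s for s in secs if s["chars"] & IMAGE_SCN_MEM_EXECUTE]
        last = code[-1] if code else None
        if last is not None and last is not first and \
                last["vaddr"] <= entry < last["vaddr"] + last["vsize"]:
            hits.append("entry point in last executable section")
    return hits


def build_pe(sections, entry, trailer=b""):
    """Construct a minimal PE32 image (headers only) for testing; not runnable."""
    size_opt = 0xE0
    img = bytearray(0x40)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)               # e_lfanew
    img += b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry)                # AddressOfEntryPoint
    img += opt
    for name, vsize, vaddr, rsize, rptr, chars in sections:
        img += struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                           vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)
    return bytes(img) + trailer


RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE
RW = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
R = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ

# Constructed: UPX layout (UPX0 empty on disk, stub in UPX1, "UPX!" marker after the headers)
UPX_LIKE = build_pe(
    [("UPX0", 0x20000, 0x1000, 0, 0x400, RWX),
     ("UPX1", 0x9000, 0x21000, 0x8A00, 0x400, RWX),
     (".rsrc", 0x1000, 0x2A000, 0x600, 0x8E00, RW)],
    entry=0x29A00, trailer=b"\0" * 64 + b"UPX!" + b"\0" * 60)

# Constructed: ordinary layout, entry point inside .text
PLAIN = build_pe(
    [(".text", 0x5000, 0x1000, 0x5000, 0x400, RX),
     (".rdata", 0x2000, 0x6000, 0x2000, 0x5400, R),
     (".data", 0x1000, 0x8000, 0x800, 0x7400, RW)],
    entry=0x1200)

if __name__ == "__main__":
    for label, img in (("upx-like", UPX_LIKE), ("plain", PLAIN)):
        print(label, upx_indicators(img) or "no indicators")
```

To run it against a real file, pass `open(path, "rb").read()` to `upx_indicators`; treat two or more indicators as a packed file rather than a single name match, since section names are trivially renamed.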

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic              Technique                         ID          Count
Persistence         Pre-OS Boot                       T1542       1
                      Bootkit                         T1542.003   1
Defense Evasion     Modify Registry                   T1112       2
                    Pre-OS Boot                       T1542       1
                      Bootkit                         T1542.003   1
Credential Access   Unsecured Credentials             T1552       1
                      Credentials In Files            T1552.001   1
Discovery           Query Registry                    T1012       2
                    System Information Discovery      T1082       3
                    Peripheral Device Discovery       T1120       1
Collection          Data from Local System            T1005       1
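The "Writes to the Master Boot Record (MBR)" signature and the Bootkit (T1542.003) entries above describe the behaviour; what a responder wants next is a way to confirm whether a disk's MBR was actually altered. The following is an added example written for this page, not code from the sandbox report: it reads a 512-byte sector, decodes the partition table, hashes the boot code and the partition table separately, and compares them with a baseline fingerprint. The baseline would be recorded from a known-good disk; here it is taken from a constructed clean sector so the check runs offline, and the tampered sector is likewise constructed. The device path in `read_mbr` is the usual Windows raw-disk name and is only used if you call that function.

```python
"""Check a 512-byte MBR sector for bootkit-style tampering.

Added example, not code from the sandbox report. The baseline is a
fingerprint recorded from a known-good disk; here it is taken from a
constructed clean sector so the check runs offline.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440          # boot code; bytes 440-445 hold the disk signature
PTABLE_OFF = 446            # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"


def partition_entries(mbr):
    """Decode the four partition table entries."""
    entries = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba_start, lba_count = struct.unpack_from(
            "<B3sB3sII", mbr, PTABLE_OFF + 16 * i)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "lba_count": lba_count})
    return entries


def fingerprint(mbr):
    """Hash the boot code and the partition table separately."""
    return {"bootcode": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
            "ptable": hashlib.sha256(mbr[PTABLE_OFF:PTABLE_OFF + 64]).hexdigest()}


def check_mbr(mbr, baseline):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    if len(mbr) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    findings = []
    if mbr[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    fp = fingerprint(mbr)
    if fp["bootcode"] != baseline["bootcode"]:
        findings.append("boot code differs from baseline")
    if fp["ptable"] != baseline["ptable"]:
        findings.append("partition table differs from baseline")
    if sum(1 for p in partition_entries(mbr) if p["bootable"]) != 1:
        findings.append("not exactly one active partition")
    return findings


def build_mbr(bootcode, disk_sig=b"\x11\x22\x33\x44"):
    """Constructed sector: given boot code, one active NTFS (0x07) partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootcode)] = bootcode
    sector[440:444] = disk_sig
    struct.pack_into("<B3sB3sII", sector, PTABLE_OFF, 0x80, b"\x20\x21\x00", 0x07,
                     b"\xFE\xFF\xFF", 2048, 204800)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Constructed clean sector with a conventional prologue (xor ax,ax / mov ss,ax / mov sp,0x7C00 / sti)
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB")
BASELINE = fingerprint(CLEAN_MBR)     # in practice, recorded before the incident

# Constructed tampered sector: boot code replaced, partition table left intact
# (a bootkit keeps the table so the system still boots, now through its own code)
TAMPERED_MBR = build_mbr(b"\xEB\x3C\x90" + b"\x00" * 5 + b"constructed-stub")


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the live sector; needs administrator rights on Windows."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_MBR, BASELINE) or "ok")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE) or "ok")
```

Hashing the boot code and the partition table separately matters: a bootkit changes the former and preserves the latter, so "boot code differs, partition table unchanged" is the pattern to look for, whereas both differing usually means a reinstall or repartition rather than an infection.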
