General

  • Target

    ae1139c1aeaf498f4f0382f9b9737d719b7f48f109593c33becd668eca2e5f3a

  • Size

    1.1MB

  • Sample

    240614-c4mtksscrc

  • MD5

    a88b7e56d2196898214f28045ac769cc

  • SHA1

    604fefa0fcbd270232c21dc6c0b83c8fc020b5e7

  • SHA256

    ae1139c1aeaf498f4f0382f9b9737d719b7f48f109593c33becd668eca2e5f3a

  • SHA512

    da8f6c09dd2d965f42b1f63b0910d772710744757bd3f04b78221e157f4161bc50a2ea46005e54acec9dfaf9d5f41a370703f86ed04e2cc761fb0eb4883ba08b

  • SSDEEP

    24576:2wMcZNs2OyZQa961iXTjCp9X9XdG70Sy29ErSz11PvKWPa:hMcZNs2VsUDjCvpA7Hy2uWz11nHPa

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
