General

  • Target

    abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8

  • Size

    1.8MB

  • Sample

    240614-czwkxswcjj

  • MD5

    7bd7c51d8f8045a7e4c1d95ad3b62b6d

  • SHA1

    ab54d5e32afa60cc4902440163018fff8d1f6b22

  • SHA256

    abf3bc7bd617ab5b2264fa4f6e24baccb3ce51a1c0f75fa8effbb8dd1d506ce8

  • SHA512

    32b04b53a9f1f7ad76a4f6a6aea26e61da638f910ad8c86ce716a5ac8b4c23c7cde0918d5d2c15395e629849667544c286ac7391dc365c199a0e397380d724db

  • SSDEEP

    49152:VJ23vbocK7x8rtNSPHq4RBh3B1OcFOTcNxKoM:vSbFK0NmXBh3n+doM

Malware Config

Targets

    • Detects executables containing possible sandbox analysis VM usernames

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks