General

  • Target

    3f602fbde185c275d3b1e345b51b3f70627f7b112f53ceb6f335586ee3e78f9e

  • Size

    2.3MB

  • Sample

    240614-zkd4naygnr

  • MD5

    57faf60e3fdc68504c43696d670f5714

  • SHA1

    3a142da12dbd7950c6b75b28e25ab5a7f76e186e

  • SHA256

    3f602fbde185c275d3b1e345b51b3f70627f7b112f53ceb6f335586ee3e78f9e

  • SHA512

    ff6c94406f9dd6e9cb15fdb22e8826240b4ea8d0485587444e1014d075982ecdbcff08c64fef43ca618a5697f316d1be06c9867caaa4704e248df07f2f779bb1

  • SSDEEP

    49152:sjvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:srkI9rSjA5aDo73pzF2bz3p9y4HgIoov

Targets

    • Target

      3f602fbde185c275d3b1e345b51b3f70627f7b112f53ceb6f335586ee3e78f9e

    • UPX dump on OEP (original entry point)

      The sample is UPX-packed; the sandbox dumped the unpacked image from memory once execution reached the original entry point, so static analysis should start from that dump rather than the packed file.

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      The file matches signatures for the ACProtect software protector (versions 1.3x to 1.4x); protected code must be unpacked before it can be analysed statically.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

      Persistence via a value under a Software\Microsoft\Windows\CurrentVersion\Run key, so the dropped program is launched at every logon.

    • Maps connected drives based on registry

      Disk and drive information is often read from the registry to detect virtualised or sandboxed environments before the payload runs.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger; a common anti-debugging technique.
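The signatures above are the sandbox's summary of observed behaviour. As an added example (not part of this report and not the sandbox's own detection logic), the following Python checks four of them over constructed Sysmon-style event records: Run-key persistence, file drops into System32 and the Drivers directory, and execution or loading of a file the sample itself wrote. The event lines, the `key=value|...` record format, the process names (`sample.exe`, `svc.exe`, `hidden.sys`, `loader.dll`) and the field names are all assumptions made for the example; only the Sysmon event IDs (1, 7, 11, 13) are real.

```python
"""Constructed detection logic for sandbox-style behaviours (example code,
not from the report above). Event records are hand-written and use an
assumed 'key=value|key=value' layout loosely modelled on Sysmon fields."""
import re
from dataclasses import dataclass

# Real Sysmon event IDs; everything else about the records is assumed.
PROCESS_CREATE = 1
IMAGE_LOAD = 7
FILE_CREATE = 11
REG_SET_VALUE = 13

# Run / RunOnce keys under HKLM or HKU, including the Wow6432Node variant.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"Run(?:Once)?\\",
    re.IGNORECASE,
)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
DRIVERS_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.IGNORECASE)


@dataclass
class Finding:
    rule: str      # signature name
    process: str   # image responsible for the behaviour
    detail: str    # path or registry value involved


def parse_event(line):
    """Parse one constructed 'key=value|key=value' record into a dict."""
    ev = {}
    for field in line.strip().split("|"):
        key, _, value = field.partition("=")
        ev[key.strip()] = value.strip()
    ev["EventID"] = int(ev["EventID"])
    return ev


def detect(lines):
    """Run the four behavioural checks over an ordered event stream."""
    findings = []
    dropped = set()  # lower-cased paths written so far, for drop-then-run correlation
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        eid = ev["EventID"]
        image = ev.get("Image", "")
        if eid == REG_SET_VALUE:
            target = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(target):
                findings.append(Finding("adds_run_key", image, f"{target} = {ev.get('Details', '')}"))
        elif eid == FILE_CREATE:
            target = ev.get("TargetFilename", "")
            dropped.add(target.lower())
            # Drivers is inside System32, so test the narrower rule first.
            if DRIVERS_RE.match(target):
                findings.append(Finding("drops_file_in_drivers", image, target))
            elif SYSTEM32_RE.match(target):
                findings.append(Finding("drops_file_in_system32", image, target))
        elif eid == PROCESS_CREATE and image.lower() in dropped:
            findings.append(Finding("executes_dropped_exe", ev.get("ParentImage", ""), image))
        elif eid == IMAGE_LOAD and ev.get("ImageLoaded", "").lower() in dropped:
            findings.append(Finding("loads_dropped_dll", image, ev["ImageLoaded"]))
    return findings


# Constructed event stream: a hypothetical sample.exe drops svc.exe, registers
# it in a Run key, writes a driver and a DLL into System32, then the dropped
# svc.exe runs and loads the dropped DLL. Explorer activity is benign noise.
SAMPLE_EVENTS = [
    r"EventID=11|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetFilename=C:\Users\victim\AppData\Roaming\svc.exe",
    r"EventID=13|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\victim\AppData\Roaming\svc.exe",
    r"EventID=11|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetFilename=C:\Windows\System32\drivers\hidden.sys",
    r"EventID=11|Image=C:\Users\victim\AppData\Local\Temp\sample.exe|TargetFilename=C:\Windows\System32\loader.dll",
    r"EventID=1|Image=C:\Users\victim\AppData\Roaming\svc.exe|ParentImage=C:\Users\victim\AppData\Local\Temp\sample.exe",
    r"EventID=7|Image=C:\Users\victim\AppData\Roaming\svc.exe|ImageLoaded=C:\Windows\System32\loader.dll",
    r"EventID=11|Image=C:\Windows\explorer.exe|TargetFilename=C:\Users\victim\Desktop\notes.txt",
    r"EventID=13|Image=C:\Windows\explorer.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=1",
    r"EventID=1|Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.process} -> {f.detail}")
```

The drop-then-run correlation is what separates "Executes dropped EXE" and "Loads dropped DLL" from ordinary process and image-load events: the detector only flags a process or DLL whose path it has already seen written earlier in the same stream, so the order of events matters and the checks must run over the full trace rather than per event in isolation.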
