General
- Target: 1f33b214bb35090caac925227a004ea2983dd439a09a073dac6ea99d85ee6de7
- Size: 408KB
- Sample: 240727-gwh8ms1dmr
- MD5: 3192ba3097bec10805aac9d8c7a4f803
- SHA1: b8dd94175b474320d1b5e8083e820bdc5d5d097b
- SHA256: 1f33b214bb35090caac925227a004ea2983dd439a09a073dac6ea99d85ee6de7
- SHA512: 7de881df247e660cf481f7ed72ea04b3f606b458db0b4327e58954839c64068b78c8d67ad05a7520b8baafe2f17e1763bc007e0e0a25edeb46a0b0d62341d1cd
- SSDEEP: 6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4:gtRfJcNYFNm8UhlZGse
Static task: static1
Behavioral task: behavioral1
- Sample: 1f33b214bb35090caac925227a004ea2983dd439a09a073dac6ea99d85ee6de7.exe
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 1f33b214bb35090caac925227a004ea2983dd439a09a073dac6ea99d85ee6de7.exe
- Resource: win10v2004-20240709-en
Malware Config
Targets
- Target: 1f33b214bb35090caac925227a004ea2983dd439a09a073dac6ea99d85ee6de7
- Size: 408KB
- Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above
Score: 8/10
Signatures:
- Blocklisted process makes network request
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (a value under a CurrentVersion\Run key, so the program is relaunched at each logon)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system, since on BIOS-booted systems the MBR code runs before the boot loader and the kernel, ahead of any OS-level security control.
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from that thread being delivered to an attached debugger, a common anti-analysis measure.
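As an added example (not part of the Triage report and not code from the sample), the following Python script shows how a responder can verify the "Writes to the MBR" finding on a disk image: it parses the 512-byte sector, checks the 0x55AA boot signature, decodes the partition table, hashes the boot-code region against a known-good baseline and names the regions that changed. Both sectors it operates on are constructed inline; the disk-signature value, the partition geometry and the baseline hash are assumptions of the example, not values taken from the analysed file.

```python
"""Parse a 512-byte MBR, sanity-check it, and diff it against a baseline.

Added example for the "Writes to the Master Boot Record (MBR)" finding; it is
not Triage's signature logic. Both sectors below are constructed inline: a
'clean' MBR and one whose boot-code region has been overwritten while the
partition table and 0x55AA boot signature are preserved, the usual footprint
of a bootkit that still wants the disk to boot normally.
"""
import hashlib
import struct

SECTOR_SIZE = 512
REGIONS = {                        # (start, end) byte offsets within the sector
    "boot_code": (0, 440),         # code executed by the BIOS
    "disk_signature": (440, 444),  # 32-bit disk signature (444..445 reserved)
    "partition_table": (446, 510), # four 16-byte partition entries
    "boot_signature": (510, 512),  # must be 0x55 0xAA
}


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition entries; type 0 marks an unused slot."""
    entries = []
    for i in range(4):
        off = REGIONS["partition_table"][0] + 16 * i
        lba_start, sector_count = struct.unpack_from("<II", mbr, off + 8)
        entries.append({
            "bootable": mbr[off] == 0x80,
            "type": mbr[off + 4],
            "lba_start": lba_start,
            "sectors": sector_count,
        })
    return entries


def check_mbr(mbr: bytes, baseline_boot_code_sha256: str) -> dict:
    """Structural checks plus a hash of the boot-code region against a baseline
    captured from the same machine while it was known to be clean."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    a, b = REGIONS["boot_code"]
    digest = hashlib.sha256(mbr[a:b]).hexdigest()
    sig_a, sig_b = REGIONS["boot_signature"]
    return {
        "valid_boot_signature": mbr[sig_a:sig_b] == b"\x55\xaa",
        "boot_code_sha256": digest,
        "boot_code_matches_baseline": digest == baseline_boot_code_sha256,
        "disk_signature": struct.unpack_from("<I", mbr, REGIONS["disk_signature"][0])[0],
        "partitions": parse_partitions(mbr),
    }


def diff_mbr(clean: bytes, suspect: bytes) -> list:
    """Name the regions that differ between two sectors, in on-disk order."""
    return [name for name, (a, b) in REGIONS.items() if clean[a:b] != suspect[a:b]]


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a test sector: the given boot-code bytes, an assumed disk
    signature, one active NTFS partition at LBA 2048, and the 0x55AA marker.
    (Constructed test data, not an image taken from the analysed sample.)"""
    if len(boot_code) > 440:
        raise ValueError("boot code must fit in 440 bytes")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)
    # status 0x80 (bootable), CHS start, type 0x07 (NTFS), CHS end, LBA start, sector count
    struct.pack_into("<B3BB3BII", sector, 446, 0x80, 0, 0, 0, 0x07, 0, 0, 0, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed stand-ins: a few plausible opening bytes padded with NOPs for the
# clean sector, and an obvious overwrite for the tampered one.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 40)
SUSPECT_MBR = build_sample_mbr(b"\xeb\xfe" + b"\xcc" * 100)
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:440]).hexdigest()

if __name__ == "__main__":
    report = check_mbr(SUSPECT_MBR, BASELINE_SHA256)
    print("boot signature ok:", report["valid_boot_signature"])
    print("boot code matches baseline:", report["boot_code_matches_baseline"])
    print("changed regions:", diff_mbr(CLEAN_MBR, SUSPECT_MBR))
    for n, p in enumerate(report["partitions"]):
        if p["type"]:
            print(f"partition {n}: type 0x{p['type']:02x} bootable={p['bootable']} "
                  f"lba={p['lba_start']} sectors={p['sectors']}")
```

To use this against a real disk, replace the constructed sectors with the first 512 bytes of the device (for example `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated prompt on Windows, or `/dev/sda` on Linux). A baseline hash is only meaningful if it was captured from the same host before the incident: legitimate boot code differs between Windows versions and imaging tools, so an unexpected hash by itself is a lead, not a verdict, while a changed boot-code region with an untouched partition table is exactly what a bootkit write looks like.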
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 signature
- Pre-OS Boot (T1542): Bootkit (T1542.003), 1 signature
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001), 1 signature