General

  • Target

    ed4a8dc3259b8f48bccbd25cb24f7f214749fb5eb89cde0deeee8ca23b5ee3f9

  • Size

    2.3MB

  • Sample

    240825-hpvtjasejl

  • MD5

    2c2101026b463e2fe6baece06422962e

  • SHA1

    c3a4d41a22cffa0b123590dcee9f11472ea337b5

  • SHA256

    ed4a8dc3259b8f48bccbd25cb24f7f214749fb5eb89cde0deeee8ca23b5ee3f9

  • SHA512

    a2743bfb349ba6f397b947331902fd2a2a20ea799a570a6cafa8a47e0617d8c83787a1887b192592ad51b127f6c13b81428797465d0500e7b2ccccf4aef335ef

  • SSDEEP

    49152:4jvk2d9rJpNJ6jUFdXaDoIHmXMupzh72lxakn2YpHdy4ZBgIoooNe:4rkI9rSjA5aDo73pzF2bz3p9y4HgIoov

Malware Config

Targets

    • Target

      ed4a8dc3259b8f48bccbd25cb24f7f214749fb5eb89cde0deeee8ca23b5ee3f9


    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x); this is a static match on the packer stub, not a runtime behaviour.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and autofill entries.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read to fingerprint the host and detect sandbox environments.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger
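The behavioural signatures listed above are produced by matching rules against the process, file, registry and API events recorded during detonation. The following is an added example, not part of the sandbox report and not the vendor's rule logic: it replays a constructed event stream (the schema, the sample events, the path and registry patterns, and the ATT&CK mapping are all assumptions made here) through rules that mirror each behavioural signature in the list. The ACProtect match is a static packer detection and has no event to model, so it is left out.

```python
# Added example: replays constructed sandbox-style behaviour events through
# rules that mirror the signatures in the report above. The event schema, the
# sample events and the registry/file patterns are this example's own
# assumptions, not the sandbox vendor's rule logic.
import re

# ThreadInformationClass value for ThreadHideFromDebugger (0x11) as passed to
# NtSetInformationThread; a thread with this flag set stops delivering debug
# events to an attached debugger, which is why its use is flagged.
THREAD_HIDE_FROM_DEBUGGER = 0x11

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
BROWSER_DATA_RE = re.compile(
    r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
DRIVERS_DIR_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I)
SYSTEM32_DIR_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
DRIVE_ROOT_RE = re.compile(r"^[A-BD-Z]:\\$", re.I)   # any root except C:\
# Assumption: a read of the Disk\Enum service key is used here as the proxy
# for "maps connected drives based on registry".
DISK_ENUM_RE = re.compile(r"\\Services\\Disk\\Enum$", re.I)

# Constructed events (not taken from the report), in the shape {"type", "pid", ...}.
EVENTS = [
    {"type": "file_write", "pid": 1000, "path": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"type": "file_write", "pid": 1000, "path": r"C:\Windows\System32\drivers\hk.sys"},
    {"type": "file_write", "pid": 1000, "path": r"C:\Windows\System32\helper.dll"},
    {"type": "file_write", "pid": 1000, "path": r"C:\Users\user\Documents\notes.txt"},
    {"type": "process_create", "pid": 1000, "child_pid": 1100,
     "image": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"type": "image_load", "pid": 1100, "path": r"C:\Windows\System32\helper.dll"},
    {"type": "image_load", "pid": 1100, "path": r"C:\Windows\System32\kernel32.dll"},
    {"type": "reg_set", "pid": 1100,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "svc"},
    {"type": "reg_set", "pid": 1100, "key": r"HKCU\Software\svc", "value": "cfg"},
    {"type": "reg_query", "pid": 1100, "key": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"},
    {"type": "file_read", "pid": 1100,
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "api_call", "pid": 1100, "api": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x11}},
    {"type": "file_open", "pid": 1100, "path": "C:\\"},
    {"type": "file_open", "pid": 1100, "path": "D:\\"},
    {"type": "file_open", "pid": 1100, "path": "E:\\"},
]

# ATT&CK technique IDs chosen for this example (not taken from the report).
ATTACK_MAP = {
    "Adds Run key to start application": "T1547.001",
    "Reads user/profile data of web browsers": "T1555.003",
    "Enumerates connected drives": "T1120",
    "Maps connected drives based on registry": "T1082",
    "Suspicious use of NtSetInformationThreadHideFromDebugger": "T1622",
}


def triage(events):
    """Return {signature_name: [evidence, ...]} for the events, in order seen."""
    hits = {}

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    dropped = set()  # lower-cased paths the sample has written so far
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            path = ev["path"]
            dropped.add(path.lower())
            # drivers\ lives under System32\, so test the narrower rule first
            # to keep the two signatures distinct
            if DRIVERS_DIR_RE.match(path):
                hit("Drops file in Drivers directory", path)
            elif SYSTEM32_DIR_RE.match(path):
                hit("Drops file in System32 directory", path)
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hit("Executes dropped EXE", ev["image"])
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hit("Loads dropped DLL", ev["path"])
        elif kind == "reg_set" and RUN_KEY_RE.search(ev["key"]):
            hit("Adds Run key to start application", ev["key"] + "\\" + ev["value"])
        elif kind == "reg_query" and DISK_ENUM_RE.search(ev["key"]):
            hit("Maps connected drives based on registry", ev["key"])
        elif kind in ("file_read", "file_open"):
            path = ev["path"]
            if BROWSER_DATA_RE.search(path):
                hit("Reads user/profile data of web browsers", path)
            elif DRIVE_ROOT_RE.match(path):
                hit("Enumerates connected drives", path)
        elif (kind == "api_call" and ev["api"] == "NtSetInformationThread"
              and ev["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
            hit("Suspicious use of NtSetInformationThreadHideFromDebugger",
                "pid %d" % ev["pid"])
    return hits


def report(events):
    """(signature, ATT&CK ID or None, evidence count) per signature fired."""
    return [(name, ATTACK_MAP.get(name), len(ev)) for name, ev in triage(events).items()]


if __name__ == "__main__":
    for name, tid, count in report(EVENTS):
        print(f"{tid or '-':10} {name} ({count} event(s))")
```

Two points worth noting when reading a report like this one. "Executes dropped EXE" and "Loads dropped DLL" are stateful: they only fire when the image path was written earlier in the same run, so a DLL the sample merely loads from System32 is not counted. And the Drivers and System32 signatures overlap on disk, since `drivers\` sits under `System32\`; the example tests the narrower path first so a driver drop is reported once, whereas a sandbox that does not do this will fire both signatures for a single write.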

MITRE ATT&CK Enterprise v15

Tasks