General
-
Target
ab69771a0e63ffad60fe10f81338ca90N
-
Size
128KB
-
Sample
240908-d4j85avhqd
-
MD5
ab69771a0e63ffad60fe10f81338ca90
-
SHA1
360dad23de4fe8e088fd80a7120f3543ef7e6969
-
SHA256
d013526e762eb1d41da64ae095163c504f98fbcfe557530814b1547bb041b363
-
SHA512
c7903db5eaf36dd7af6d02356757fe09d3e16f7a194bb293f9b2fd5e1cf2e5a115771d0f667b84e14c0b91418994cd04ad1a22e9648eacfe89c814fc016fb690
-
SSDEEP
3072:pE+8OKVuMxgMLQ813qgy0ExYhnMzJkt0lDMKPZ:18NcMxdLQ81amJMF7eKR
Static task
static1
Behavioral task
behavioral1
Sample
ab69771a0e63ffad60fe10f81338ca90N.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ab69771a0e63ffad60fe10f81338ca90N.dll
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Score
8/10
-
Blocklisted process makes network request
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Pre-OS Boot: 1
Bootkit: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1