General

  • Target

    c16080fcc2b6c83e0092b93d46158da83c855920da62c6205b64035ba690500a

  • Size

    72KB

  • Sample

    240909-r9ahrswele

  • MD5

    5dd18ff4345abfe77af08f42d954cd63

  • SHA1

    8a513783bc18aab4fa066e67718f638519144a1e

  • SHA256

    c16080fcc2b6c83e0092b93d46158da83c855920da62c6205b64035ba690500a

  • SHA512

    25413e9a76a1e77bedd62c3bf0b34cdcd016c5076f2bb53596d8d5fb83110ed19246fc61358bc2b1830afda74661e23d524e142136f7bf56ab2b25ea346f1906

  • SSDEEP

    1536:8Ze+Zk7VJbwlYXjPrsqrZMYR5p8wUawuzXv4exFRKs9uhh:8Ze+azbRPrlr9RXFUawuzX+kuX

Malware Config

Targets

    • Target

      c16080fcc2b6c83e0092b93d46158da83c855920da62c6205b64035ba690500a

    • Size

      72KB

    • MD5

      5dd18ff4345abfe77af08f42d954cd63

    • SHA1

      8a513783bc18aab4fa066e67718f638519144a1e

    • SHA256

      c16080fcc2b6c83e0092b93d46158da83c855920da62c6205b64035ba690500a

    • SHA512

      25413e9a76a1e77bedd62c3bf0b34cdcd016c5076f2bb53596d8d5fb83110ed19246fc61358bc2b1830afda74661e23d524e142136f7bf56ab2b25ea346f1906

    • SSDEEP

      1536:8Ze+Zk7VJbwlYXjPrsqrZMYR5p8wUawuzXv4exFRKs9uhh:8Ze+azbRPrlr9RXFUawuzX+kuX

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks