General

  • Target

    a7127366793cf3c7627ac862fbf1f3355a4ffa411c33221a638be68aaae13871N

  • Size

    610KB

  • Sample

    241015-1mkvnashnq

  • MD5

    9b4e432cbfc2ee313c6cc3a455ff26a0

  • SHA1

    57295c087af7ffad7fd5c98323c9ffd835580848

  • SHA256

    a7127366793cf3c7627ac862fbf1f3355a4ffa411c33221a638be68aaae13871

  • SHA512

    86a7eea6f1a377ba585ab9d9111697b264ab8ebc686b9548d2e56e9c9d0ef256e51cd2cd86d70091b92dc0808f9a55a0ffae24b4b08cc71dd340fe9d7ffdc586

  • SSDEEP

    12288:EVRTE3het1yJh2HduH7GqjTyiVRTE3het1yJh2HduH7GqjTy:IX1AwHsH7hTyOX1AwHsH7hTy

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks