General

  • Target

    1c38ff14e729cc1738c016c89a52a3dc885f3b6fc39385fcfb87ad82af9fc629

  • Size

    198KB

  • Sample

    241015-3ey4essdqg

  • MD5

    2f17895be3b294a645e1553340c98535

  • SHA1

    58b51f05c8f36ae43f9732234934e0d926e82380

  • SHA256

    1c38ff14e729cc1738c016c89a52a3dc885f3b6fc39385fcfb87ad82af9fc629

  • SHA512

    2f827224a7b8225d9c083cb6dea892ad90c9092260f1f21fe2ebfe9f339978bb69dd3bc011435784302a67e3ac6d01e5a3e656e840e8b728ceec0131f4edef95

  • SSDEEP

    3072:fP5gvNVLIfHQja1RfmLQADwSKkhU+tLgT5lODbiC8r1PkT:X2vnSwjaOcADw9cUeCOf

Malware Config

Targets

    • Target

      1c38ff14e729cc1738c016c89a52a3dc885f3b6fc39385fcfb87ad82af9fc629

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks