General

  • Target

    e399c67287b960692c4ea816d861e24f3cc8bc0fe75f7f8165aab20cae9d8d25N

  • Size

    93KB

  • Sample

    241016-2b89jszdmm

  • MD5

    cee1433a4a69a9e53652636ccbd49b90

  • SHA1

    702234b757e139fa57474aba42bb355a7bdf7a1e

  • SHA256

    e399c67287b960692c4ea816d861e24f3cc8bc0fe75f7f8165aab20cae9d8d25

  • SHA512

    faae51f15c6a0b095bf1c6bd4fb40d4315723c9e0d9c749b71f15e39a715ae0d4d40d7e3659c2e3b2c2d9cf608b6d4a85c3afec153a943409857cbd90fb3d871

  • SSDEEP

    1536:1MIPgEm56wnbkKC2ZyBJU066lwLCRVEB+nR/y8cmNrEIviCOzuajkrDl9HNSj:11PgEOng1d66jRVa+n4NmNNouukrD7HI

Malware Config

Targets

    • Target

      e399c67287b960692c4ea816d861e24f3cc8bc0fe75f7f8165aab20cae9d8d25N

    • Size

      93KB

    • MD5

      cee1433a4a69a9e53652636ccbd49b90

    • SHA1

      702234b757e139fa57474aba42bb355a7bdf7a1e

    • SHA256

      e399c67287b960692c4ea816d861e24f3cc8bc0fe75f7f8165aab20cae9d8d25

    • SHA512

      faae51f15c6a0b095bf1c6bd4fb40d4315723c9e0d9c749b71f15e39a715ae0d4d40d7e3659c2e3b2c2d9cf608b6d4a85c3afec153a943409857cbd90fb3d871

    • SSDEEP

      1536:1MIPgEm56wnbkKC2ZyBJU066lwLCRVEB+nR/y8cmNrEIviCOzuajkrDl9HNSj:11PgEOng1d66jRVa+n4NmNNouukrD7HI

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks