General

  • Target

    9967333e71cb9d20c01e54504586c51651cf090306eb21dba9c477f209ea61ab

  • Size

    94KB

  • Sample

    241016-bz7grawdpc

  • MD5

    235126a6fcdd952ce3adf837e72455b7

  • SHA1

    05553713fd87ae701ccb8d92b1a07257659eb970

  • SHA256

    9967333e71cb9d20c01e54504586c51651cf090306eb21dba9c477f209ea61ab

  • SHA512

    2e4e3b2482031eec7d345899743541cfca0b5936e7244c10f5352fa8b2b26ae3044a52c916031e666740af972c405adb93f4906368f7e6b4fbc5a0791ec948fe

  • SSDEEP

    1536:TSSABNx6vb4RoI47zzzzzzzzzvfxzVzNrzzzgzzzzzzzzzzzzzzzz6zzzdzzzzlB:eSABNx6vb4RoI4pyjHYLhal01UoPX+h0

Malware Config

Targets

    • Target

      9967333e71cb9d20c01e54504586c51651cf090306eb21dba9c477f209ea61ab

    • Size

      94KB

    • MD5

      235126a6fcdd952ce3adf837e72455b7

    • SHA1

      05553713fd87ae701ccb8d92b1a07257659eb970

    • SHA256

      9967333e71cb9d20c01e54504586c51651cf090306eb21dba9c477f209ea61ab

    • SHA512

      2e4e3b2482031eec7d345899743541cfca0b5936e7244c10f5352fa8b2b26ae3044a52c916031e666740af972c405adb93f4906368f7e6b4fbc5a0791ec948fe

    • SSDEEP

      1536:TSSABNx6vb4RoI47zzzzzzzzzvfxzVzNrzzzgzzzzzzzzzzzzzzzz6zzzdzzzzlB:eSABNx6vb4RoI4pyjHYLhal01UoPX+h0

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      The file is packed with ACProtect (a commercial packer/protector, versions 1.3x to 1.4x). The original code is only recoverable after unpacking, so static signatures and string-based detection on the packed file are unreliable.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and session tokens, and autofill entries.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root directory of drives other than the default C: system drive, typically to locate removable media or additional volumes to spread to or harvest files from.

    • Writes to the Master Boot Record (MBR)

      Bootkits overwrite the boot code in the first sector of the disk so that their code runs before the operating system loads, giving persistence at a level below the OS that survives file-level cleanup and is invisible to most in-OS security tooling.
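The MBR write above is the behavior most worth confirming on a host suspected of running this sample. The following is an added example written for this page (not code from the sandbox or the sample) showing how a responder can parse the first sector of a disk and compare it against a known-good copy: the classic bootkit pattern is that the 446-byte boot code is replaced while the 64-byte partition table is preserved so the machine still boots. The two 512-byte MBR images and the short boot-code stubs are constructed placeholders, not real Windows boot code; `read_mbr` is a helper assumed for reading a live disk or image.

```python
"""Parse a 512-byte MBR and flag signs of bootkit modification (added example)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
BOOT_CODE_LEN = 446          # bytes 0..445: boot code, what a bootkit overwrites
PARTITION_TABLE_OFF = 446    # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA" # bytes 510..511


@dataclass
class PartitionEntry:
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty partition entries from an MBR."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, _chs_s, ptype, _chs_e, lba, size = struct.unpack_from("<B3sB3sII", mbr, off)
        if ptype == 0:
            continue
        entries.append(PartitionEntry(status == 0x80, ptype, lba, size))
    return entries


def boot_code_sha256(mbr: bytes) -> str:
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline: Optional[bytes] = None) -> List[str]:
    """Sanity-check an MBR and, if a known-good copy is supplied, diff it."""
    findings: List[str] = []
    if len(mbr) != MBR_SIZE:
        return [f"unexpected MBR length {len(mbr)}"]
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partition_table(mbr)
    if not parts:
        findings.append("empty partition table")
    if sum(p.bootable for p in parts) > 1:
        findings.append("multiple partitions marked active")
    if baseline is not None and boot_code_sha256(mbr) != boot_code_sha256(baseline):
        findings.append("boot code differs from baseline")
        # Bootkits keep the partition table so the OS still boots after infection.
        if mbr[PARTITION_TABLE_OFF:510] == baseline[PARTITION_TABLE_OFF:510]:
            findings.append("partition table preserved while boot code replaced (bootkit pattern)")
    return findings


def build_mbr(boot_code: bytes, partitions: List[PartitionEntry]) -> bytes:
    """Assemble a 512-byte MBR image (used here to construct sample data)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if p.bootable else 0x00, b"\xff\xff\xff",
                    p.type_id, b"\xff\xff\xff", p.lba_start, p.sectors)
        for p in partitions
    ).ljust(64, b"\x00")
    return code + table + BOOT_SIGNATURE


def read_mbr(path: str) -> bytes:
    """Read the first sector of a raw device or disk image (assumed helper)."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


# Constructed sample data: a placeholder boot stub and one active NTFS partition.
PARTITIONS = [PartitionEntry(bootable=True, type_id=0x07, lba_start=2048, sectors=1_000_000)]
CLEAN_BOOT_STUB = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 24   # not real boot code
HOOKED_BOOT_STUB = b"\xeb\x3c\x90" + b"BOOTKIT-PLACEHOLDER"         # constructed replacement
CLEAN_MBR = build_mbr(CLEAN_BOOT_STUB, PARTITIONS)
INFECTED_MBR = build_mbr(HOOKED_BOOT_STUB, PARTITIONS)

if __name__ == "__main__":
    print("clean vs baseline:", check_mbr(CLEAN_MBR, CLEAN_MBR))
    print("infected vs baseline:", check_mbr(INFECTED_MBR, CLEAN_MBR))
```

On a live Windows host `read_mbr(r"\\.\PhysicalDrive0")` (run as administrator) returns the first sector; on a forensic image, pass the raw image path. A baseline can be taken from a known-clean disk image of the same build, since the boot code is identical across machines for a given Windows version while the partition table is not.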

MITRE ATT&CK Enterprise v15
