General

  • Target

    5ca5346d01524caa4f0c138271f268315918926fa84c56d466ed7e5ee6e3a6d7N

  • Size

    90KB

  • Sample

    241016-hq4stsxhrd

  • MD5

    9698d02ad0f1d73ace83a406d901a1a0

  • SHA1

    99552c48d055a333a3246396a4176984f9458145

  • SHA256

    5ca5346d01524caa4f0c138271f268315918926fa84c56d466ed7e5ee6e3a6d7

  • SHA512

    eb97d43694f3ec97c56b1eab8a7d4940e10d218b9c6f3acac69d2cb9d6085c346f443001ea0f3606b40e9a5112d9fcd1ae7b073435e1661c8813a47263fe2553

  • SSDEEP

    1536:vICQCfd/UV2FyVw4zp6G5XKy1E6w8J52gw0JNqyFzWu9W5uyWZ07VUt:v1t1E2FyVw4zINy1FxJ5y07qluM5A

Malware Config

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks