General

  • Target: 3a6eba9d16247371e9b3470ac87fbeee3d3fb1d5af33c6d75186547691c0aec1

  • Size: 89KB

  • Sample: 241016-ytfs6stdkm

  • MD5: 55f6710704d91c189e7eae01c3b3bd8b

  • SHA1: 4e6abef0670cca68dc1e4466073926ef8fc9e802

  • SHA256: 3a6eba9d16247371e9b3470ac87fbeee3d3fb1d5af33c6d75186547691c0aec1

  • SHA512: e4d8db489754b0db1966b3d7819c02c3a6b8602a1ec7968ef09d4434c07038b060ea49b392c5c8172b7a7c4be328e770d6c94aa369d4a9e3789804f23723d02d

  • SSDEEP: 1536:XHXqO6ZG03eyenOj9lgA/PObuTMT5NMCfL7ojaZf5aZlBlGs:M1uF6Feu2NlQOBcGs

Malware Config

Targets

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks