General

  • Target

    5c10fd6a9b5c3325208bfcd0efeeb191322b01c3800b0e1bc7fab84c080bd289

  • Size

    158KB

  • Sample

    241016-z1d4lashnb

  • MD5

    254e5f62d8441ef2a4688265d41afbe3

  • SHA1

    041bece2d799928084c54d64c2719e4122a205c3

  • SHA256

    5c10fd6a9b5c3325208bfcd0efeeb191322b01c3800b0e1bc7fab84c080bd289

  • SHA512

    37f311520f2f5b892ae4816c05dd3c920d79cb41f7c880c7d2cd8d0e1aa33fc2d38acc9edb11236aa75f0ab098bd063c158dbcb49b2c596b1775729e1a05f353

  • SSDEEP

    3072:oONY+aHR7T65f4n/lAA8G6Drz3ihAvVg7MIEYVQYe6:oOq+8S4/lAJj33Vg7rGYe

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
