General

  • Target

    2dd6351b3f5c5c520347e13c46673ed4792043b09899b90e61a75360b24f28ceN

  • Size

    159KB

  • Sample

    241016-zf6m4s1gpb

  • MD5

    c115f888b19767c487c736f10efb4820

  • SHA1

    be4e138518238cc7943f45c8cd11efde48f2d493

  • SHA256

    2dd6351b3f5c5c520347e13c46673ed4792043b09899b90e61a75360b24f28ce

  • SHA512

    5bbdf43a864f9333231b0ddeb88579c453bf51ab55474698ecaae8f9643b217c1c9dcad64273ea5f662df0d3f30b3a79285a20c4307fd4cb10840aa9ed25a9d4

  • SSDEEP

    1536:MRiAXaKD5gixq7OstjzjW6ZdjtETzR77i11GAbRp0BGiEA0O0o2:6iAXaKD7Ia6KTdNAbzSGiN0OJ

Malware Config

Targets

    • Target

      2dd6351b3f5c5c520347e13c46673ed4792043b09899b90e61a75360b24f28ceN

    • Size

      159KB

    • MD5

      c115f888b19767c487c736f10efb4820

    • SHA1

      be4e138518238cc7943f45c8cd11efde48f2d493

    • SHA256

      2dd6351b3f5c5c520347e13c46673ed4792043b09899b90e61a75360b24f28ce

    • SHA512

      5bbdf43a864f9333231b0ddeb88579c453bf51ab55474698ecaae8f9643b217c1c9dcad64273ea5f662df0d3f30b3a79285a20c4307fd4cb10840aa9ed25a9d4

    • SSDEEP

      1536:MRiAXaKD5gixq7OstjzjW6ZdjtETzR77i11GAbRp0BGiEA0O0o2:6iAXaKD7Ia6KTdNAbzSGiN0OJ

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile files, which hold saved logins, cookies, session tokens and autofill data, so that the contents can be exfiltrated and reused.

    • Adds Run key to start application

      Registry Run keys are a common persistence mechanism: a value written under HKCU\Software\Microsoft\Windows\CurrentVersion\Run (or the HKLM equivalent) is executed at every logon.

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive, typically to discover removable media or additional fixed volumes.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR (the first 512-byte sector of the disk) to gain persistence that executes before the operating system loads and is invisible to most OS-level security tooling. A raw write to the first sector of a physical drive can also indicate a wiper rather than a bootkit, so the written data should be examined.
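
The signatures listed above are behavioural rules evaluated over the sandbox's event trace. The following is an added example, not part of this report or of the sandbox's own signature code: a minimal re-implementation of several of the listed signatures in Python, run over a constructed trace of process, file and registry events. The event format, the "victim" paths, the sample path and the blocklist used for "Blocklisted process makes network request" are all assumptions made for the example.

```python
# Added example: re-implementation of a few sandbox behaviour signatures over
# a constructed event trace.  Event schema, paths and the process blocklist are
# assumptions for this example, not the sandbox's own format or rules.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Event:
    pid: int
    image: str      # full path of the process performing the operation
    op: str         # ProcessCreate | LoadImage | CreateFile | WriteFile | DeleteFile | RegSetValue | Connect
    target: str     # file path, registry key, image path or remote endpoint
    detail: Dict[str, object] = field(default_factory=dict)


RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
BROWSER_DATA = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\|\\Mozilla\\Firefox\\Profiles\\", re.I)
PHYSICAL_DRIVE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.I)
MBR_SIZE = 512
# Assumed blocklist: LOLBins that rarely have a legitimate reason to open sockets.
NETWORK_BLOCKLIST = {"cmd.exe", "regsvr32.exe", "mshta.exe", "rundll32.exe", "wscript.exe"}


def match_signatures(events: List[Event], sample_path: str) -> Dict[str, List[Event]]:
    """Return {signature name: [triggering events]} for the trace."""
    hits: Dict[str, List[Event]] = {}
    dropped: Set[str] = set()   # files written by any monitored process (lower-cased)

    def hit(name: str, ev: Event) -> None:
        hits.setdefault(name, []).append(ev)

    for ev in events:
        tgt, low = ev.target, ev.target.lower()
        if ev.op == "WriteFile":
            if PHYSICAL_DRIVE.match(tgt):
                # A raw write overlapping the first 512 bytes of a physical disk
                # replaces the MBR; writes further into the disk do not.
                if int(ev.detail.get("offset", 0)) < MBR_SIZE:
                    hit("Writes to the Master Boot Record (MBR)", ev)
            else:
                dropped.add(low)
        elif ev.op == "ProcessCreate" and low in dropped and low.endswith(".exe"):
            hit("Executes dropped EXE", ev)
        elif ev.op == "LoadImage" and low in dropped and low.endswith(".dll"):
            hit("Loads dropped DLL", ev)
        elif ev.op == "DeleteFile" and low == sample_path.lower():
            # Usually done by a child (cmd.exe) because a running image cannot delete itself.
            hit("Deletes itself", ev)
        elif ev.op == "RegSetValue" and RUN_KEY.search(tgt):
            hit("Adds Run key to start application", ev)
        elif ev.op == "Connect" and ev.image.rsplit("\\", 1)[-1].lower() in NETWORK_BLOCKLIST:
            hit("Blocklisted process makes network request", ev)
        elif ev.op == "CreateFile":
            if BROWSER_DATA.search(tgt):
                hit("Reads user/profile data of web browsers", ev)
            m = DRIVE_ROOT.match(tgt)
            if m and m.group(1).upper() != "C":
                hit("Enumerates connected drives", ev)
    return hits


# Constructed trace (not taken from the report) exercising each rule once.
SAMPLE = r"C:\Users\victim\Desktop\sample.exe"
DROPPED_EXE = r"C:\Users\victim\AppData\Roaming\svc\svc.exe"
DROPPED_DLL = r"C:\Users\victim\AppData\Roaming\svc\helper.dll"
CMD = r"C:\Windows\System32\cmd.exe"
TRACE = [
    Event(1000, SAMPLE, "CreateFile",
          r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data", {"access": "read"}),
    Event(1000, SAMPLE, "CreateFile", "C:\\"),   # default drive: not counted
    Event(1000, SAMPLE, "CreateFile", "D:\\"),
    Event(1000, SAMPLE, "WriteFile", DROPPED_DLL),
    Event(1000, SAMPLE, "WriteFile", DROPPED_EXE),
    Event(1000, SAMPLE, "LoadImage", DROPPED_DLL),
    Event(1000, SAMPLE, "ProcessCreate", DROPPED_EXE),
    Event(1001, DROPPED_EXE, "RegSetValue",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc", {"data": DROPPED_EXE}),
    Event(1001, DROPPED_EXE, "WriteFile", r"\\.\PhysicalDrive0", {"offset": 0, "length": 512}),
    Event(1002, CMD, "Connect", "203.0.113.10:443"),
    Event(1002, CMD, "DeleteFile", SAMPLE),
]


def demo_signature_names() -> List[str]:
    """Names of the signatures triggered by the constructed trace, sorted."""
    return sorted(match_signatures(TRACE, SAMPLE))


if __name__ == "__main__":
    for name, evs in match_signatures(TRACE, SAMPLE).items():
        print(f"{name}: {[e.target for e in evs]}")
```

The MBR rule deliberately checks the write offset: a tool such as a disk-imaging utility also opens \\.\PhysicalDrive0, so the raw handle alone is a weak signal, while a write that covers byte 0 of the disk is what actually replaces the boot sector. The "dropped" set is keyed on lower-cased paths because NTFS paths are case-insensitive and samples often mix cases to dodge naive string comparisons.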

MITRE ATT&CK Enterprise v15

Tasks