General

  • Target

    b4fb4635779ffd005dc23d9a661d459fec77b378acf66a03e52262ae0095e42dN

  • Size

    83KB

  • Sample

    241017-bdh72atbnh

  • MD5

    60eafa19c7383f0fd224e93cafd94c70

  • SHA1

    cb1aa5f0b22273fb5912b9d6df076ed5e5ef631b

  • SHA256

    b4fb4635779ffd005dc23d9a661d459fec77b378acf66a03e52262ae0095e42d

  • SHA512

    058b00a1dfd6fbd9eca141eeb49c1f502ae599ca524f68fdd6c321309df7f2e0372d7f55e3cfb2122220226bdbba64460c2b0fc496df1cb0a3147c1a6588058d

  • SSDEEP

    768:qGHV45EDE477AZbUJx0rZGE3jCELoiMMj6hZ3nE+EXVmkDbjRL8Khc15Z6J1SkQ3:qG14P477AxUYrZGoC09k0SkTRHhWqPRU

Malware Config

Targets

    • Target

      b4fb4635779ffd005dc23d9a661d459fec77b378acf66a03e52262ae0095e42dN

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks