General

  • Target

    9a0ff5d37764351083bd1b1e8a58117de7b7e8e48c40ceff7ce69e1b428543e4N

  • Size

    102KB

  • Sample

    241026-dkkesayemg

  • MD5

    5af1e1fc0a30541d26d1e37526b7bfe0

  • SHA1

    bdc1a9d291d67756d2aa6926d08baf65566749af

  • SHA256

    9a0ff5d37764351083bd1b1e8a58117de7b7e8e48c40ceff7ce69e1b428543e4

  • SHA512

    ca1d212041e2e7a4911e14879709be6978b8f0b2af027a24915017db8e05d56aca70b70650f9445c37023e7695182c0e68a0c3710fbcc4248d34fa260734e85a

  • SSDEEP

    3072:xK4RNx6nb4RoIw/XBSeral6oaE0HGnvXuEOrc0px:xl6XYeel6GGGVOn

Malware Config

Targets

    • Target

      9a0ff5d37764351083bd1b1e8a58117de7b7e8e48c40ceff7ce69e1b428543e4N

    • Size

      102KB

    • MD5

      5af1e1fc0a30541d26d1e37526b7bfe0

    • SHA1

      bdc1a9d291d67756d2aa6926d08baf65566749af

    • SHA256

      9a0ff5d37764351083bd1b1e8a58117de7b7e8e48c40ceff7ce69e1b428543e4

    • SHA512

      ca1d212041e2e7a4911e14879709be6978b8f0b2af027a24915017db8e05d56aca70b70650f9445c37023e7695182c0e68a0c3710fbcc4248d34fa260734e85a

    • SSDEEP

      3072:xK4RNx6nb4RoIw/XBSeral6oaE0HGnvXuEOrc0px:xl6XYeel6GGGVOn

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks