General

  • Target

    d7676a5b99d6a32cf2fce5530fce2bf6a9ba7fcf3ad815f17966c8879a0a93f0N

  • Size

    115KB

  • Sample

    241031-m8bxzsvqbw

  • MD5

    64b619c8af59f02f69df110c16d7f430

  • SHA1

    a7f75ff9516360973121b875c7f5628178492df2

  • SHA256

    d7676a5b99d6a32cf2fce5530fce2bf6a9ba7fcf3ad815f17966c8879a0a93f0

  • SHA512

    9c9df1bd86cf6e18b12a5f3d777be7cd060b442ad7c463b9ad063d6e7dce2dcf19a38716f6bee37926fe5155ef123dc288f893dece344de653fad84454d001d3

  • SSDEEP

    1536:TRiAXaKD5grAhdVA2VukXKzMf3liaL+SWzR+fy1ZZosMiZ7RtEsa:liAXaKDLVaroj6SWzosZGyRtEsa

Malware Config

Targets

    • Target

      d7676a5b99d6a32cf2fce5530fce2bf6a9ba7fcf3ad815f17966c8879a0a93f0N

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
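The signatures above are behaviour labels without the logic behind them. As an added example (not the sandbox's own detection code), the following Python maps a constructed event stream onto those labels, including the drop-then-execute correlation needed for "Executes dropped EXE" and "Loads dropped DLL", and adds an integrity check for the MBR indicator. The event format, the file paths, the sample location and the MBR images are all assumptions made for illustration.

```python
"""Added example: rule logic for the behaviour signatures listed above, plus an
MBR integrity check for the bootkit indicator. This is not the sandbox's own
detection code; the event format, paths and MBR images are constructed."""
import hashlib
import re

# Assumed locations (hypothetical, for illustration only).
SAMPLE = r"C:\Users\admin\AppData\Local\Temp\sample.exe"
DROPPED_EXE = r"C:\ProgramData\svc.exe"
DROPPED_DLL = r"C:\ProgramData\helper.dll"

# Constructed event stream for one process, in time order: (operation, target).
EVENTS = [
    ("CreateFile", r"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("CreateFile", r"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json"),
    ("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    ("CreateFile", "D:\\"),
    ("CreateFile", "E:\\"),
    ("WriteFile", DROPPED_EXE),
    ("WriteFile", DROPPED_DLL),
    ("CreateProcess", DROPPED_EXE),
    ("LoadImage", DROPPED_DLL),
    ("WriteFile", r"\\.\PhysicalDrive0"),
    ("DeleteFile", SAMPLE),
]

BROWSER_DATA = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db|cookies\.sqlite)$", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
NON_C_ROOT = re.compile(r"^[A-BD-Z]:\\$", re.I)
# Raw-disk handles; a real rule would also check that the write lands in sector 0.
RAW_DISK = re.compile(r"^\\\\\.\\PhysicalDrive\d+$|^\\Device\\Harddisk\d+\\DR\d+$", re.I)


def classify(events, self_path=SAMPLE):
    """Return {signature: [targets]} for the behaviours seen in the event stream."""
    hits = {}
    written = set()  # files the sample wrote, to correlate drop -> execute/load

    def hit(name, target):
        hits.setdefault(name, []).append(target)

    for op, target in events:
        if op == "WriteFile" and not RAW_DISK.match(target):
            written.add(target.lower())
        if op == "CreateFile" and BROWSER_DATA.search(target):
            hit("Reads user/profile data of web browsers", target)
        elif op == "CreateFile" and NON_C_ROOT.match(target):
            hit("Enumerates connected drives", target)
        elif op == "RegSetValue" and RUN_KEY.search(target):
            hit("Adds Run key to start application", target)
        elif op == "WriteFile" and RAW_DISK.match(target):
            hit("Writes to the Master Boot Record (MBR)", target)
        elif op == "CreateProcess" and target.lower() in written:
            hit("Executes dropped EXE", target)
        elif op == "LoadImage" and target.lower() in written:
            hit("Loads dropped DLL", target)
        elif op == "DeleteFile" and target.lower() == self_path.lower():
            hit("Deletes itself", target)
    return hits


# MBR layout: 0..439 bootstrap code, 440..443 disk signature, 446..509 partition
# table (4 x 16 bytes), 510..511 boot signature 0x55AA.
BOOT_CODE = slice(0, 440)


def mbr_well_formed(mbr):
    return len(mbr) == 512 and mbr[510:512] == b"\x55\xaa"


def boot_code_changed(baseline, current):
    """True if the bootstrap code differs from a known-good image. Only the code
    region is compared, so a legitimate partition-table edit is not flagged."""
    if not (mbr_well_formed(baseline) and mbr_well_formed(current)):
        return True
    return hashlib.sha256(baseline[BOOT_CODE]).digest() != hashlib.sha256(current[BOOT_CODE]).digest()


# Constructed 512-byte images: a clean MBR and one whose first bytes were patched.
CLEAN_MBR = (bytes(range(256)) + bytes(range(184)) + b"\x12\x34\x56\x78"
             + b"\x00\x00" + b"\x00" * 64 + b"\x55\xaa")
TAMPERED_MBR = b"\xe9\x00\x01" + CLEAN_MBR[3:]

if __name__ == "__main__":
    for name, targets in classify(EVENTS).items():
        print(f"{name}: {targets}")
    print("boot code changed:", boot_code_changed(CLEAN_MBR, TAMPERED_MBR))
```

The drop correlation is the part worth copying: "Executes dropped EXE" only fires when the process launched was written earlier by the same sample, which is what separates a dropper from a program that merely starts another installed binary. For the MBR check, a baseline read of sector 0 from a clean system (or a known boot loader image) is compared on the bootstrap region only, so routine partition-table changes do not produce false alarms while a patched boot stub does.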

MITRE ATT&CK Enterprise v15

Tasks