General

  • Target

    d8b3933677573724643a617e25183d5913ba93b24e6bf86281c144f9e6d332a5

  • Size

    96KB

  • Sample

    241109-evlw2awqgz

  • MD5

    046ed293f9af6b1c84d06b0d029a7ed9

  • SHA1

    947d358538400665665c0744b0cc91c02e3d1333

  • SHA256

    d8b3933677573724643a617e25183d5913ba93b24e6bf86281c144f9e6d332a5

  • SHA512

    e2805017de833be587218fb75ae4fa5a7e35b6db29509db8f986c134d8c4c61371cff9ce80e6766e51bb2ed14a0a2c2b40814b7f1aea4183e2623d43b4cdb93a

  • SSDEEP

    3072:tSABNx6vb4RoI4mwRxO0tA6vGsa6cPIVK:tl6xRxltAT/gV

Malware Config

Targets

    • Target

      d8b3933677573724643a617e25183d5913ba93b24e6bf86281c144f9e6d332a5

    • Size

      96KB

    • MD5

      046ed293f9af6b1c84d06b0d029a7ed9

    • SHA1

      947d358538400665665c0744b0cc91c02e3d1333

    • SHA256

      d8b3933677573724643a617e25183d5913ba93b24e6bf86281c144f9e6d332a5

    • SHA512

      e2805017de833be587218fb75ae4fa5a7e35b6db29509db8f986c134d8c4c61371cff9ce80e6766e51bb2ed14a0a2c2b40814b7f1aea4183e2623d43b4cdb93a

    • SSDEEP

      3072:tSABNx6vb4RoI4mwRxO0tA6vGsa6cPIVK:tl6xRxltAT/gV

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks