General

  • Target

    6765b4e60143858e12523fb1af8239b74b21b6474563601368b762029573979cN

  • Size

    229KB

  • Sample

    241109-jzarsatmdn

  • MD5

    5c0ae3dd5631b2126932a571fb6a97f0

  • SHA1

    3de2ddd74c324aa13985dc604d23ba38e0993767

  • SHA256

    6765b4e60143858e12523fb1af8239b74b21b6474563601368b762029573979c

  • SHA512

    505fa7588cb314b7d783a55c6b8cf5d304f4f9d425f8d7214e40058f69dd087c4623733214a8282f9bd769596762c861d02bd1c685467d2ed0d01c521d0d518b

  • SSDEEP

    6144:22IXn2Kid45GqVl4JUiNf1G2fofZ6N96UYc+D:hJo5GYy+Kf1GMWZ62UYc+

Targets

    • Blocklisted process makes network request

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
