General

  • Target

    7c2d9e6e0ef4c1a1da1cc6c9402c8643518935756783d83bbfa70b71fe2e8d2aN

  • Size

    152KB

  • Sample

    241109-mch2essfjp

  • MD5

    8d4330965006c1ea68010959eccd96a0

  • SHA1

    d7fd70850a4ada79f1ad630230dccb03461d5f86

  • SHA256

    7c2d9e6e0ef4c1a1da1cc6c9402c8643518935756783d83bbfa70b71fe2e8d2a

  • SHA512

    04d7a82acd328b252507fff7bbe75729ab14ef702110918eefbb297f0c2032dbff7e5a6410f8a9f4d6b53c825b1aea492f7bd6888e52ae12bb26b9f124963342

  • SSDEEP

    3072:ByLRmnX+Okrspw8oSgUZavaz0twh44hb3jRHFlSYt+Fd7:8LgX2ccoic40b3jRllSDf

Malware Config

Targets

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks