General

  • Target

    3c52d0867b9c577f7ad07065233c2076fb997be9f9dd40c3cccd002007bf1e53

  • Size

    408KB

  • Sample

    241109-nkh7tsspay

  • MD5

    603a1cc27f46292e777be2a27b6e341c

  • SHA1

    bc023bb6f5caf8e19a3eb57277bb1211452ff4ef

  • SHA256

    3c52d0867b9c577f7ad07065233c2076fb997be9f9dd40c3cccd002007bf1e53

  • SHA512

    4d595ee258f21adfd87f217e1a24e704be70a4c87d2eb69aa91346654ab0033279310cc640feea823fc7977dfee21703caa64b8c21997c9e6d27b210145bc6ea

  • SSDEEP

    6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4:gtRfJcNYFNm8UhlZGse

Malware Config

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks