General

  • Target

    a0f017e7ce617aa4d2e4e3e567b370879db9219d16f0d5b5a468ed3141923268

  • Size

    408KB

  • Sample

    241109-ss2flaxbkg

  • MD5

    0a382ec2043db9494226969def3aaac8

  • SHA1

    c4bf98b219cf492f9aefec9ead199d7d2836efd7

  • SHA256

    a0f017e7ce617aa4d2e4e3e567b370879db9219d16f0d5b5a468ed3141923268

  • SHA512

    795034bbb9cb7a550b4cc78ce9344a8103df3d7808eed7358b0672bdc749d753981a557eb565a33db9f23bf4f46bfa07582271cc2570e7aad0ca6d74dd376b9d

  • SSDEEP

    6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4:gtRfJcNYFNm8UhlZGse

Malware Config

Targets

    • Target

      a0f017e7ce617aa4d2e4e3e567b370879db9219d16f0d5b5a468ed3141923268

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks