General

  • Target

    8321d89f9b1b29c59210cc6046cd32740b4b32a194133f399c18ff793138a152N

  • Size

    382KB

  • Sample

    241110-e4c1gsspen

  • MD5

    de5072f7ebdf213bced91ee16c370d30

  • SHA1

    3f83d41cf2eff016f7be5ba0a626beff73481105

  • SHA256

    8321d89f9b1b29c59210cc6046cd32740b4b32a194133f399c18ff793138a152

  • SHA512

    dccbd6d52eab24698522f063731e5f428dc9e1f347e9e7dba79f04cf905960219c5952011bdfcbe8d80d28cf3b922f437fe8e9e0e775e962cfccf82a43cccc9a

  • SSDEEP

    6144:qKgGmTBsuFIsBMkVuq4nITJJVn0wOa7sNvYfSkk/F19:UGmTau+mMC4ITJE8dfSJ/F1

Malware Config

Targets

    • Target

      8321d89f9b1b29c59210cc6046cd32740b4b32a194133f399c18ff793138a152N

    • Size

      382KB

    • MD5

      de5072f7ebdf213bced91ee16c370d30

    • SHA1

      3f83d41cf2eff016f7be5ba0a626beff73481105

    • SHA256

      8321d89f9b1b29c59210cc6046cd32740b4b32a194133f399c18ff793138a152

    • SHA512

      dccbd6d52eab24698522f063731e5f428dc9e1f347e9e7dba79f04cf905960219c5952011bdfcbe8d80d28cf3b922f437fe8e9e0e775e962cfccf82a43cccc9a

    • SSDEEP

      6144:qKgGmTBsuFIsBMkVuq4nITJJVn0wOa7sNvYfSkk/F19:UGmTau+mMC4ITJE8dfSJ/F1

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and other profile data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
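The signature list above is the sandbox's verdict; when the same sample turns up on a monitored host, a responder wants to reproduce those verdicts from endpoint telemetry. The following is an added example, not part of the report or of the sandbox vendor's code: it replays constructed, EDR-style process/file/registry/network events (a simplified schema invented for this example, with every event, path and user name constructed here rather than captured from the real sample) and attributes activity to the sample's process tree before matching it against each behaviour listed above. Two approximations are labelled in the code: any write-open of a raw `\\.\PhysicalDriveN` device is treated as the MBR-write signal, and "blocklisted process" is modelled as "an executable the sample dropped".

```python
"""Replay constructed endpoint telemetry against the behaviour signatures above.

Added example, not part of the sandbox report. The event schema (type, Image,
ParentImage, TargetFilename, ...) is a simplified EDR-style format invented for
this example; all events below are constructed, not captured from the sample.
"""
import re

# Constructed paths. The sample file name reuses the report's target name; the
# user profile and dropped file names are invented.
SAMPLE = r"C:\Users\victim\Downloads\8321d89f9b1b29c59210cc6046cd32740b4b32a194133f399c18ff793138a152N.exe"
DROPPED_EXE = r"C:\Users\victim\AppData\Local\Temp\svcupd.exe"
DROPPED_DLL = r"C:\Users\victim\AppData\Local\Temp\helper.dll"

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
BROWSER_DATA_RE = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
RAW_DISK_RE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)  # \\.\PhysicalDrive0 etc.
DRIVE_ROOT_RE = re.compile(r"^[A-Z]:\\$", re.I)                  # e.g. "D:\"
DEL_RE = re.compile(r"\bdel\b", re.I)

EVENTS = [  # constructed telemetry, in the order it would be emitted
    {"type": "process_create", "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": f'"{SAMPLE}"'},
    {"type": "file_open", "Image": SAMPLE, "Path": "D:\\", "Access": "read"},
    {"type": "file_create", "Image": SAMPLE, "TargetFilename": DROPPED_EXE},
    {"type": "file_create", "Image": SAMPLE, "TargetFilename": DROPPED_DLL},
    {"type": "process_create", "Image": DROPPED_EXE, "ParentImage": SAMPLE, "CommandLine": f'"{DROPPED_EXE}"'},
    {"type": "image_load", "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    {"type": "registry_set", "Image": DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svcupd",
     "Details": DROPPED_EXE},
    {"type": "file_open", "Image": DROPPED_EXE,
     "Path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data", "Access": "read"},
    {"type": "file_open", "Image": DROPPED_EXE, "Path": r"\\.\PhysicalDrive0", "Access": "write"},
    {"type": "network_connect", "Image": DROPPED_EXE, "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"type": "process_create", "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": SAMPLE,
     "CommandLine": f'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "{SAMPLE}"'},
    # Benign Run-key write by an unrelated process: must NOT be attributed to the sample.
    {"type": "registry_set", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth", "Details": "..."},
]


def analyse(events, root=SAMPLE):
    """Return {signature name: [event indexes]} for activity attributable to the
    root process or anything it transitively spawned."""
    tree = {root.lower()}   # images that belong to the sample's process tree
    dropped = set()         # files written by that tree
    hits = {}

    def hit(name, idx):
        hits.setdefault(name, []).append(idx)

    for idx, ev in enumerate(events):
        img = ev["Image"].lower()
        if ev["type"] == "process_create":
            parent = ev.get("ParentImage", "").lower()
            if parent not in tree:
                continue  # not spawned by the sample's tree
            tree.add(img)
            if img in dropped:
                hit("Executes dropped EXE", idx)
            cmd = ev.get("CommandLine", "").lower()
            # "cmd /c ping ... & del <own path>" is the classic self-delete pattern
            if DEL_RE.search(cmd) and parent in cmd:
                hit("Deletes itself", idx)
            continue
        if img not in tree:
            continue
        kind = ev["type"]
        if kind == "file_create":
            dropped.add(ev["TargetFilename"].lower())
        elif kind == "image_load" and ev["ImageLoaded"].lower() in dropped:
            hit("Loads dropped DLL", idx)
        elif kind == "registry_set" and RUN_KEY_RE.search(ev["TargetObject"]):
            hit("Adds Run key to start application", idx)
        elif kind == "file_open":
            path = ev["Path"]
            if BROWSER_DATA_RE.search(path):
                hit("Reads user/profile data of web browsers", idx)
            elif RAW_DISK_RE.match(path) and "write" in ev.get("Access", "").lower():
                # Approximation: a write-open of the raw device is how sector 0 gets
                # overwritten; the offset itself is not visible at this layer.
                hit("Writes to the Master Boot Record (MBR)", idx)
            elif DRIVE_ROOT_RE.match(path) and not path.upper().startswith("C:"):
                hit("Enumerates connected drives", idx)
        elif kind == "network_connect" and img in dropped:
            # Approximation: "blocklisted" modelled as "an executable the sample dropped".
            hit("Blocklisted process makes network request", idx)
    return hits


if __name__ == "__main__":
    for name, idxs in sorted(analyse(EVENTS).items()):
        print(f"{name}: events {idxs}")
```

Attribution is the part worth copying: the Run-key match is applied only after the writing process has been tied to the sample's tree, which is what keeps the unrelated svchost.exe event out of the result. Replace `EVENTS` with a reader for your own telemetry format and the signature logic carries over unchanged.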

MITRE ATT&CK Enterprise v15

Tasks