General

  • Target

    bbec4fab6180237a8a0f80e4b367250c9f03dffe1b2db85d032b1588b6eceb24

  • Size

    410KB

  • Sample

    241110-f5fy7szhqp

  • MD5

    6d64cc4235b865d0ea175522dfba6de0

  • SHA1

    7fb67a9fc5a325fdde36559893ce850fdb0abf04

  • SHA256

    bbec4fab6180237a8a0f80e4b367250c9f03dffe1b2db85d032b1588b6eceb24

  • SHA512

    c5e7960cc3d0f0b41c33a5c553aee4c96debfb782e49bd9c6969db7432673d1bd8f344f081ac861081e6b678910d46294975539e2a3cab23ef3bfec1518bb24a

  • SSDEEP

    6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4Z:gtRfJcNYFNm8UhlZGseZ

Malware Config

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks