General

  • Target

    cbe4c917f006830c90e20cc691bb6c9444ef920b2fe513d5f9d2a278f35e845eN

  • Size

    157KB

  • Sample

    241110-g1t6ps1glg

  • MD5

    02ed298fe7d00979566bd9e0544a51f0

  • SHA1

    ae2f9afdc6968666de77d541c17c76199eab35bb

  • SHA256

    cbe4c917f006830c90e20cc691bb6c9444ef920b2fe513d5f9d2a278f35e845e

  • SHA512

    3d7635d55837442db713020a6b30320c3d51c58b7f7056ad43e4343fdbe402b1c1a6f2eaa218cf7f001bbd4b1acceb23808a2921b64140808124b3e0a485a639

  • SSDEEP

    1536:+fxvtgixq7OstjzjW6ZdjtETzR77i11GAbRp0BGiEA0O0o:+HIa6KTdNAbzSGiN0OJ

Malware Config

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks