General

  • Target

    b1de1881662e9351d87ad0afed008a2b8a9535fc68b22cfd47b503936e1321b6N

  • Size

    96KB

  • Sample

    241110-gasvystnbr

  • MD5

    49208bb673e5e742aa818051ad017680

  • SHA1

    38d3ac02e4f6050a88ae069c538c143f26b58bd3

  • SHA256

    b1de1881662e9351d87ad0afed008a2b8a9535fc68b22cfd47b503936e1321b6

  • SHA512

    a1605b93f62a04a837123219d0719e61e4ae10ce6fd48f70e75afb3717b4c297bbd690ac5c7411098603cda60ff088e5778504f794b92e9b8f84f1695aef902b

  • SSDEEP

    3072:11PgEOng1d66jRVa+n4NmNNouukrD7HNS:TpOg1xFV54eNobG7H

Malware Config

Targets

    • Target

      b1de1881662e9351d87ad0afed008a2b8a9535fc68b22cfd47b503936e1321b6N

    • Size

      96KB

    • MD5

      49208bb673e5e742aa818051ad017680

    • SHA1

      38d3ac02e4f6050a88ae069c538c143f26b58bd3

    • SHA256

      b1de1881662e9351d87ad0afed008a2b8a9535fc68b22cfd47b503936e1321b6

    • SHA512

      a1605b93f62a04a837123219d0719e61e4ae10ce6fd48f70e75afb3717b4c297bbd690ac5c7411098603cda60ff088e5778504f794b92e9b8f84f1695aef902b

    • SSDEEP

      3072:11PgEOng1d66jRVa+n4NmNNouukrD7HNS:TpOg1xFV54eNobG7H

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks