General

  • Target

    7bd572dc3e3fb209cf4aa7925aa9af5fa39c144f9a3b3450c61f43ae1ea96854

  • Size

    200KB

  • Sample

    241110-gdwe9a1bml

  • MD5

    1977ae115f4b8614cca1d0b0ce30e914

  • SHA1

    056a1c5d9e59f7ffcfb9efa10786ee000ea1bd52

  • SHA256

    7bd572dc3e3fb209cf4aa7925aa9af5fa39c144f9a3b3450c61f43ae1ea96854

  • SHA512

    56f51760117eb9bc78bab5d1b1126afd451b82fe1ddb342388537587aaddbe1a757622babcc9d079649e6db335465a80f1685579f0953e9c1ce461c946542f62

  • SSDEEP

    3072:fP5gvNVLIfHQja1RfmLQADwSKkhU+tLgT5lODbiC8r1PkT:X2vnSwjaOcADw9cUeCOf

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
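The seven behaviour signatures above are what a sandbox derives from the sample's API trace. The following is an added example, not part of this report or of the sandbox's own rule set: it replays a constructed API trace against rules written for exactly those signatures, so a practitioner can see which observable (file open, registry write, raw disk write, command line) each one rests on. The event format, every path and registry key, the on-disk sample name and the ATT&CK technique mapping are this example's assumptions; the report's own ATT&CK section lists nothing.

```python
"""Match a sandbox API trace against the behaviour signatures listed in this report.

Added example for this page. The event shape, the paths and keys, SAMPLE_PATH and
the ATT&CK mapping are assumptions of this example, not data from the report.
"""
import re

SAMPLE_PATH = r"C:\Users\victim\Downloads\sample.exe"  # assumed on-disk name of the sample

# Constructed API-trace events (not taken from the report): one call per record,
# with only the argument the rule needs. Order matters: a file must be written
# before an execute/load of it counts as "dropped".
SAMPLE_EVENTS = [
    {"api": "CreateFileW", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
     "access": "GENERIC_READ"},
    {"api": "WriteFile", "path": r"C:\Users\victim\AppData\Roaming\svchost32.exe", "offset": 0, "size": 204800},
    {"api": "WriteFile", "path": r"C:\Users\victim\AppData\Roaming\crypt.dll", "offset": 0, "size": 40960},
    {"api": "CreateProcessW", "path": r"C:\Users\victim\AppData\Roaming\svchost32.exe",
     "cmdline": r"C:\Users\victim\AppData\Roaming\svchost32.exe"},
    {"api": "LoadLibraryW", "path": r"C:\Users\victim\AppData\Roaming\crypt.dll"},
    {"api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     "data": r"C:\Users\victim\AppData\Roaming\svchost32.exe"},
    {"api": "GetDriveTypeW", "path": "C:\\"},
    {"api": "GetDriveTypeW", "path": "D:\\"},
    {"api": "GetDriveTypeW", "path": "E:\\"},
    {"api": "CreateFileW", "path": r"\\.\PhysicalDrive0", "access": "GENERIC_WRITE"},
    {"api": "WriteFile", "path": r"\\.\PhysicalDrive0", "offset": 0, "size": 512},
    {"api": "CreateProcessW", "path": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del /f "C:\Users\victim\Downloads\sample.exe"'},
]

# Browser profile stores that hold credentials/cookies (Chrome, Edge, Firefox).
BROWSER_DATA = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*"
    r"(Login Data|Cookies|Web Data|logins\.json|cookies\.sqlite|key4\.db)$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
RAW_DISK = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)   # \\.\PhysicalDriveN: raw disk handle
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.I)
DEL_CMD = re.compile(r"\bdel\b.*?\"?(?P<target>[A-Z]:\\[^\"&]+)", re.I)

# Example's own mapping of report signatures to ATT&CK technique IDs; the two
# "dropped" signatures are left unmapped rather than guessed.
ATTACK = {
    "Deletes itself": "T1070.004",
    "Reads user/profile data of web browsers": "T1555.003",
    "Adds Run key to start application": "T1547.001",
    "Enumerates connected drives": "T1082",
    "Writes to the Master Boot Record (MBR)": "T1542.003",
}


def triage(events, sample_path):
    """Return {signature: [evidence, ...]} for every report signature that fires."""
    hits = {}

    def hit(sig, evidence):
        hits.setdefault(sig, []).append(evidence)

    dropped = set()       # executables/DLLs the sample itself wrote to disk
    roots_probed = set()  # non-C: drive roots the sample queried
    for e in events:
        api, path = e["api"], e.get("path", "")
        if api == "WriteFile":
            # The MBR is the first 512-byte sector, so a write landing inside
            # offset 0..511 of a raw physical drive handle is the bootkit signal.
            if RAW_DISK.match(path) and e.get("offset", 0) < 512:
                hit("Writes to the Master Boot Record (MBR)",
                    f"{e['size']} bytes at offset {e['offset']} of {path}")
            elif path.lower().endswith((".exe", ".dll")):
                dropped.add(path.lower())
        elif api == "CreateFileW" and BROWSER_DATA.search(path) and "READ" in e.get("access", ""):
            hit("Reads user/profile data of web browsers", path)
        elif api == "RegSetValueExW" and RUN_KEY.search(e["key"]):
            hit("Adds Run key to start application", f"{e['key']} = {e['data']}")
        elif api == "GetDriveTypeW":
            m = DRIVE_ROOT.match(path)
            if m and m.group(1).upper() != "C":
                roots_probed.add(m.group(1).upper())
        elif api == "CreateProcessW":
            if path.lower() in dropped:
                hit("Executes dropped EXE", path)
            m = DEL_CMD.search(e.get("cmdline", ""))
            if m and m.group("target").lower() == sample_path.lower():
                hit("Deletes itself", e["cmdline"])
        elif api == "LoadLibraryW" and path.lower() in dropped:
            hit("Loads dropped DLL", path)
    if roots_probed:
        hit("Enumerates connected drives",
            "root paths probed: " + ", ".join(sorted(f"{d}:\\" for d in roots_probed)))
    return hits


def techniques(hits):
    """Sorted ATT&CK technique IDs for the signatures that fired (unmapped ones skipped)."""
    return sorted({ATTACK[sig] for sig in hits if sig in ATTACK})


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS, SAMPLE_PATH)
    for sig, evidence in found.items():
        print(f"[{ATTACK.get(sig, '-')}] {sig}: {'; '.join(evidence)}")
```

The self-deletion rule only fires when the deleted path equals the sample's own path, so a malware that deletes a helper file does not trip it; likewise "dropped" is defined strictly as a file the traced process wrote earlier in the same trace, which is why event order in the trace matters.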

MITRE ATT&CK Enterprise v15

Tasks