General

  • Target

    d6c0e8615650978fcfd11cc5f6c1348fc8c244a35d7d1b4823323140bf541daf

  • Size

    200KB

  • Sample

    241110-gdwe9azpd1

  • MD5

    279f0ab956226f6732e34e3d1c64a23c

  • SHA1

    01aaa4e734ccc94e9080fbafe5a81d55677ee0a2

  • SHA256

    d6c0e8615650978fcfd11cc5f6c1348fc8c244a35d7d1b4823323140bf541daf

  • SHA512

    fa7e3f884497ee1105f9bc82a7b99a23b1c09e5c0093f735edf653fd021d66bdd75a8d7f6c943c30a8730dd6e1546b56d5dccd158adf36e25826d1e7ff7dd8c6

  • SSDEEP

    3072:fP5gvNVLIfHQja1RfmLQADwSKkhU+tLgT5lODbiC8r1PkT:X2vnSwjaOcADw9cUeCOf

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks