General

  • Target

    9684355c817bcd37070416efd2d7e94b7728342684bd32d05e529a7c06e05368N

  • Size

    121KB

  • Sample

    241111-r4gd5a1blb

  • MD5

    94f2961fc2b869f53847ebd070d49f00

  • SHA1

    3077da7ed908b91e7eabdd67dd1df6a7608b13ea

  • SHA256

    9684355c817bcd37070416efd2d7e94b7728342684bd32d05e529a7c06e05368

  • SHA512

    677d6160f32908fcb772023d906af8a37cf3fa7f8a9a8e6f23c1993c8bf10a2c35bbc6ba0a26ec0e70470ec3f54da2d4e6ff5848858f91161c2db0ac149102c3

  • SSDEEP

    3072:EagwS1Ut+KNPJI1F3Md55keTZwcM2I38QXyn:vUGPJKF3Md55ZTZwz38QXi

Malware Config

Targets

    • Blocklisted process makes network request

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks