General

  • Target

    aabfcd5bd88571e24faeb547f6f860a123c0b2789a716960dcb5ad46702a3a3f

  • Size

    409KB

  • Sample

    241111-sqdlra1cra

  • MD5

    c72c5e83c411bae5f02a2a46dbc10b8d

  • SHA1

    44edfc950c018698869cecd1454ebadd71d50e31

  • SHA256

    aabfcd5bd88571e24faeb547f6f860a123c0b2789a716960dcb5ad46702a3a3f

  • SHA512

    1fde02d31f054f6234791939ec8836e24649cb398fd8393cc684731227d9128ed1ae393e0a863097981022aacad8c719357fe9de8bd5ab5546708057f608c153

  • SSDEEP

    6144:3w9D91dOrcN3ZGXNYFNmIkYvUIelVjjVtGRyFH4:gtRfJcNYFNm8UhlZGse

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
