General

  • Target

    bd6bff3df5d8d2a91e352701b28399a1abdcb48008389efdc51f7ede8918b4e7N.exe

  • Size

    158KB

  • Sample

    241111-t415mszrfs

  • MD5

    c47bd3e4aa92d24190552834b5c47a0f

  • SHA1

    e353fd75e3290eadff7dfebf480d51e4e514c82d

  • SHA256

    bddd1f94c3af522d5fe01ba6ae9893f6b12fdf78bf131b1c771ea60e4c18d5ca

  • SHA512

    029387aad3cedb9f528d4336d94b47968c8dcea1ada2031bd4a7c2888956463c0fccfe1b9e6f19a49eef635dcb1e272a65ec7f6d29aa8e41211a81875d0e01e3

  • SSDEEP

    1536:MRiAXaKD5gixq7OstjzjW6ZdjtETzR77i11GAbRp0BGiEA0O0oT:6iAXaKD7Ia6KTdNAbzSGiN0OJT

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15
