General

  • Target

    fd1e0df19c772aa95cefaad0c0012d91c43afe54606f1721b55c026b843786f5

  • Size

    379KB

  • Sample

    241111-vhyytsvpdr

  • MD5

    e364dddef3d952f5f072f8ec05bec120

  • SHA1

    03e54bc60e9f4f1e8620868552609c985ff8d72c

  • SHA256

    fd1e0df19c772aa95cefaad0c0012d91c43afe54606f1721b55c026b843786f5

  • SHA512

    ece83e3365d5a52ea2df5c5d268272106623de1f1423c2587f08e828f0148f3c2f32ad7c608045030cdc3f534e7e3cd18c24623d35b40d98e70810e43e141eb3

  • SSDEEP

    6144:ShBqzv2w/0s/DbAgeonk7n7m8po+yUOKKNG0IxSjXKP+89wh:kqzv2wsEDbZ67fpLyUB/5qL8w

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks