General

  • Target

    f135531a4e85ab7a26c8baebd2d645c5949469fce76616c1477555e6fe61a795N

  • Size

    152KB

  • Sample

    241111-wjvhgatald

  • MD5

    950dbd9741ed5ef2a9304a0b86180c60

  • SHA1

    bc4ab3cb7292f1060839284b26666813968a97ed

  • SHA256

    f135531a4e85ab7a26c8baebd2d645c5949469fce76616c1477555e6fe61a795

  • SHA512

    b1e6909cf61828aaaa41335ea6dd7ab8dacf49275cc1d3e24c69bb7f67fd61247cb7153d71fa8f4224698bbaa290dd760faec5cf533c9cdf0444fdb50bf6c927

  • SSDEEP

    3072:+Xyxum6XqmeJtY/VSSmZ1QAT25omGiDTKWb95C51jnWb1VOZ47vm2E+RLxwJD:+ixr5bVSmfQg25zvDTfb95ajs1VO67C

Malware Config

Targets

    • Target

      f135531a4e85ab7a26c8baebd2d645c5949469fce76616c1477555e6fe61a795N


    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile stores (saved logins, cookies and session tokens, history and autofill data) to harvest credentials and hijack authenticated sessions.

    • Adds Run key to start application

      Registry Run keys launch the referenced program at every user logon, a common user-level persistence technique (MITRE ATT&CK T1547.001).

    • Enumerates connected drives

      Attempts to read the root path of drives other than the default C: drive, typically to discover additional or removable volumes.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR (the first 512-byte sector of the disk) to gain persistence below the operating system; a raw write to that sector by a user-mode process is rarely legitimate.
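
The signatures above are behavioural: each corresponds to a pattern in the process, file, registry and network events the sandbox recorded. The script below is an added example, not the report's or the sandbox vendor's own rule logic. It replays constructed Sysmon-style event records (hypothetical data, not telemetry from this sample) against approximations of those five signatures, so an analyst can see what each one is actually keying on. The blocklist of processes, the browser store file names and the MBR-offset heuristic are my assumptions.

```python
"""Replay constructed host events against the behaviours listed in the report.

Added example: the events and the matching rules are approximations written
for illustration, not the sandbox's own signature logic.
"""
import re
from collections import defaultdict

# Hypothetical process name for the sample; any name works for the rules below.
SAMPLE = "f135531a4e85ab7a26c8baebd2d645c5949469fce76616c1477555e6fe61a795N.exe"

# Constructed events loosely modelled on Sysmon fields (not real telemetry).
EVENTS = [
    {"type": "RegistrySet", "proc": SAMPLE,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     "detail": r"C:\Users\alice\AppData\Roaming\winupd.exe"},
    {"type": "RegistrySet", "proc": "explorer.exe",            # benign registry write
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "detail": "1"},
    {"type": "FileRead", "proc": SAMPLE,
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "FileRead", "proc": SAMPLE,
     "target": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"},
    {"type": "FileRead", "proc": SAMPLE, "target": "D:\\"},
    {"type": "FileRead", "proc": SAMPLE, "target": "E:\\"},
    {"type": "FileRead", "proc": "explorer.exe", "target": "C:\\"},   # default drive, ignored
    {"type": "RawAccessWrite", "proc": SAMPLE,
     "target": r"\\.\PhysicalDrive0", "offset": 0, "length": 512},
    {"type": "RawAccessWrite", "proc": "defrag.exe",            # raw write, but not sector 0
     "target": r"\\.\PhysicalDrive0", "offset": 1048576, "length": 4096},
    {"type": "NetworkConnect", "proc": "regsvr32.exe", "target": "203.0.113.7:443"},
    {"type": "NetworkConnect", "proc": "chrome.exe", "target": "198.51.100.4:443"},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Browser credential/session stores (assumption: a small, illustrative list).
BROWSER_STORES = re.compile(
    r"\\(Login Data|Cookies|Web Data|History|logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.IGNORECASE)
PHYSICAL_DRIVE = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.IGNORECASE)
MBR_SIZE = 512  # the MBR occupies the first 512-byte sector of the disk
# Living-off-the-land binaries whose outbound traffic is flagged (assumed blocklist).
NET_BLOCKLIST = {"regsvr32.exe", "mshta.exe", "rundll32.exe", "certutil.exe",
                 "wscript.exe", "cscript.exe", "powershell.exe"}


def match_signatures(events):
    """Return {signature name: [matching events]} for the report's listed behaviours."""
    hits = defaultdict(list)
    for ev in events:
        kind, target = ev["type"], ev.get("target", "")
        if kind == "RegistrySet" and RUN_KEY.search(target):
            hits["Adds Run key to start application"].append(ev)
        elif kind == "FileRead" and BROWSER_STORES.search(target):
            hits["Reads user/profile data of web browsers"].append(ev)
        elif kind == "FileRead" and (m := DRIVE_ROOT.match(target)):
            # Root-path reads of any drive other than the default C: volume.
            if m.group(1).upper() != "C":
                hits["Enumerates connected drives"].append(ev)
        elif (kind == "RawAccessWrite" and PHYSICAL_DRIVE.match(target)
              and ev["offset"] < MBR_SIZE):
            # Any raw write that touches sector 0 overwrites the MBR.
            hits["Writes to the Master Boot Record (MBR)"].append(ev)
        elif kind == "NetworkConnect" and ev["proc"].lower() in NET_BLOCKLIST:
            hits["Blocklisted process makes network request"].append(ev)
    return dict(hits)


def triggered(events):
    """Sorted list of signature names that fired for the given events."""
    return sorted(match_signatures(events))


if __name__ == "__main__":
    for name, evs in match_signatures(EVENTS).items():
        procs = sorted({e["proc"] for e in evs})
        print(f"{name}: {len(evs)} event(s) from {', '.join(procs)}")
```

Run against the constructed events all five signatures fire; the benign explorer.exe, chrome.exe and defrag.exe records are correctly ignored, which is the point of the offset and blocklist checks. Real telemetry needs the same care: raw disk writes above sector 0 and Run-key writes by installers are routine, so the rules key on the specific target rather than the API alone.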

MITRE ATT&CK Enterprise v15

Tasks