General

  • Target

    b6c18d20c9e775c34c06a99758ade56d261fbd3ce4f30206b13d4a24d9c0f8f0.exe

  • Size

    192KB

  • Sample

    241111-xf2caateqp

  • MD5

    0e0bd35b3a3e40cea11e941719d4e9b6

  • SHA1

    c0e126c268ec7d8105760856cc7f4a847d2bb2b9

  • SHA256

    b6c18d20c9e775c34c06a99758ade56d261fbd3ce4f30206b13d4a24d9c0f8f0

  • SHA512

    f0ef5c0d544b2824a0b6c58132115f9d893001b955ed6edb4a9c3205a4b6d1ec5c4cad8fd064d5018fa87a26e61e8574bcd0d51295bb148a4b0230905f69e7e2

  • SSDEEP

    3072:QoiD6UJRpHOrBbsfxm/MxlQq1IcB9nXg88LIHfj68agvkvhBkPhIe/yL6uY:EDJTOrBQgMNIcBBQ1I/jogvEZm

Targets

    • Blocklisted process makes network request

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
