General

  • Target

    601f7df2828a77fd168393bd97b3e60b8382bbb56ec566fa3de5672e5e5770a2N

  • Size

    379KB

  • Sample

    241111-ywhesatrez

  • MD5

    028ee8b74966518d25843314989ad3f0

  • SHA1

    38b46152c3fbe713ad9535a65eec18afbe162b95

  • SHA256

    601f7df2828a77fd168393bd97b3e60b8382bbb56ec566fa3de5672e5e5770a2

  • SHA512

    feafbd229a1ba76916371122dd778ec69d8e45a49b676b3cdc06188db8c7ec0aee954d55e491e8f4c618178ea2878222879cc344ae522ae8c4d56784e7edafe9

  • SSDEEP

    6144:ShBqzv2w/0s/DbAgeonk7n7m8po+yUOKKNG0IxSjXKP+89h:kqzv2wsEDbZ67fpLyUB/5qL8T

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks