General

  • Target

    051ca57cb9a7fbc6f4ae8d414dd4476b542ea4108cfabdd86caed0c791d78523.exe

  • Size

    382KB

  • Sample

    241113-pn9pma1ngw

  • MD5

    fdd4b536508b0fc113af5dd0403a8a77

  • SHA1

    b3d90892ab804bcc54b259ea8d1a6722c26790a2

  • SHA256

    051ca57cb9a7fbc6f4ae8d414dd4476b542ea4108cfabdd86caed0c791d78523

  • SHA512

    1d8e278c138128c570942ded831da4ba7f5395cfaf3faff0d96e6989d971dc48d7e95a945f411fc1541894052fc9dbd1c4629d9c4a8effd56a52e6f77b4888d4

  • SSDEEP

    6144:qKgGmTBsuFIsBMkVuq4nITJJVn0wOa7sNvYfSkk/F19O:UGmTau+mMC4ITJE8dfSJ/F1Q

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest browser profile data (saved logins, cookies, session tokens, autofill and history); a non-browser process reading these files is a strong stealer indicator.

    • Adds Run key to start application

    • Enumerates connected drives

      The sample attempts to read the root path of drives other than the default C: drive, commonly a prelude to spreading via removable media or collecting files from additional volumes.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. Wipers and some ransomware families overwrite the MBR as well, so confirm what was written by diffing the first 512 bytes of the disk against a known-good copy rather than trusting the signature alone.
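The MBR check suggested above, as an added example that is not part of the sandbox report. It parses a 512-byte MBR into bootstrap code, disk signature, partition table and boot signature, and diffs a post-detonation capture against a baseline. The three MBR images in the block are constructed test data (a baseline whose first bytes resemble a stock Windows bootstrap, a copy with the bootstrap replaced, and an all-zero wipe); they are not bytes taken from the sample.

```python
"""Diff a disk's MBR (first 512 bytes) against a known-good baseline.

Added example for the 'Writes to the Master Boot Record (MBR)' signature;
all MBR images below are constructed test data, not from the sample.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTSTRAP_LEN = 440       # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440        # 4-byte Windows disk signature at 440..443
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries at 446..509
BOOT_SIG_OFF = 0x1FE      # 0x55AA boot signature at 510..511
# partition entry: status, CHS start (3), type, CHS end (3), LBA start, sector count
PART_FMT = "<B3xB3xII"


def parse_mbr(data: bytes) -> dict:
    """Split a 512-byte MBR into its structural parts."""
    if len(data) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = data[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack(PART_FMT, entry)
        partitions.append({"status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "bootstrap_sha256": hashlib.sha256(data[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", data[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
        "boot_signature_ok": data[BOOT_SIG_OFF:] == b"\x55\xAA",
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings describing how `current` differs from `baseline`."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["boot_signature_ok"]:
        findings.append("boot signature 0x55AA missing: disk no longer BIOS-bootable")
    if b["bootstrap_sha256"] != c["bootstrap_sha256"]:
        findings.append("bootstrap code modified (bootkit or wiper behaviour)")
    if b["disk_signature"] != c["disk_signature"]:
        findings.append("disk signature changed")
    for i, (bp, cp) in enumerate(zip(b["partitions"], c["partitions"])):
        if bp != cp:
            findings.append(f"partition entry {i} changed: {bp} -> {cp}")
    return findings


def _make_mbr(bootstrap: bytes, partitions, disk_sig: int = 0x1234ABCD,
              boot_sig: bytes = b"\x55\xAA") -> bytes:
    """Assemble a synthetic MBR (constructed test data)."""
    code = bootstrap.ljust(BOOTSTRAP_LEN, b"\x00")[:BOOTSTRAP_LEN]
    table = b"".join(struct.pack(PART_FMT, *p) for p in partitions).ljust(64, b"\x00")
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + boot_sig


# Constructed images: one NTFS partition starting at LBA 2048, 100 MiB long.
_PARTS = [(0x80, 0x07, 2048, 204800)]
BASELINE_MBR = _make_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C", _PARTS)   # clean
BOOTKIT_MBR = _make_mbr(b"\xEB\xFE", _PARTS)                         # bootstrap replaced, table kept
WIPED_MBR = b"\x00" * MBR_SIZE                                       # everything zeroed

if __name__ == "__main__":
    for name, img in (("bootkit", BOOTKIT_MBR), ("wiped", WIPED_MBR)):
        print(name, compare_mbr(BASELINE_MBR, img))
```

On the detonation VM, read the first 512 bytes of `\\.\PhysicalDrive0` (or of the VM disk image on the host) before and after running the sample and pass the two blobs to `compare_mbr`; a bootstrap-only change with an intact partition table points at a bootkit, while a zeroed sector or broken boot signature points at a wiper.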

MITRE ATT&CK Enterprise v15
