General

  • Target

    ab63edc8ef66b8615be00a68299d0dd2147aff1e0b4761c5665b3fb472f13e6bN.exe

  • Size

    382KB

  • Sample

    241113-psmewssdmj

  • MD5

    a1bf84b38416fc2a103ad30ebbbc8b80

  • SHA1

    1aabd34f74aef30301902ba5a4b8831a477eb21f

  • SHA256

    ab63edc8ef66b8615be00a68299d0dd2147aff1e0b4761c5665b3fb472f13e6b

  • SHA512

    65e27dabc8973fc717f8179dce9b14b9288ff87f98f45c8fbec7535008eee7547c972e8c03c46df5cb042e7dc3b1c216f93d249c66be02f21dc540698bc87d07

  • SSDEEP

    6144:qKgGmTBsuFIsBMkVuq4nITJJVn0wOa7sNvYfSkk/F19e:UGmTau+mMC4ITJE8dfSJ/F1w

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
