General

  • Target

    ceb899e86faa56a3a883e0fb75dfe875e13439309a8ef3f33ec65d6fecd41af0.exe

  • Size

    195KB

  • Sample

    241113-qhqj8ssjbz

  • MD5

    027c2704cc8c25a08993f9c5efaa3dfb

  • SHA1

    3b22afd4f64cf2801f8f9bd541cc49fc5a00fa65

  • SHA256

    ceb899e86faa56a3a883e0fb75dfe875e13439309a8ef3f33ec65d6fecd41af0

  • SHA512

    d04d2e8bc9743e42460831ff28bcc2e7f7ef873d39ec13907bb315612128e4263b49e6c3b25a5d4b713b3f5b1e4f7f1f4b4a17bf38e0dad9c80647d52d846781

  • SSDEEP

    6144:YIs9OKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPFsEPAsKCyOa:BKofHfHTXQLzgvnzHPowYbvrjD/L7QPU

Malware Config

Targets

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with the ACProtect packer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks