General

  • Target

    0f3acf7907686d8059122f05e811531061d0a94821b9ed8ef053a208f91fda88

  • Size

    182KB

  • Sample

    241113-ye866sycqm

  • MD5

    5c7a09c20bed7c18c984b8c57b17dcf2

  • SHA1

    5224ef6ce25923b48e9d2aa63e7a1b7bd4d36c21

  • SHA256

    0f3acf7907686d8059122f05e811531061d0a94821b9ed8ef053a208f91fda88

  • SHA512

    d165c06e91f7b879088a6fbe32538d661f4f263290debba2c94f2eb4220ac3c4519eef4ccfb21a71a7571b1e4af364a4393980031977933063165c44299cdc60

  • SSDEEP

    3072:pTFWjPQ9jhUoE/i3KxfqwS+bQ42Fz6KXzp6cqE6MzVoX20KP9+LGfAB0aKXABdeA:p4QFhn3KxfqwRbgFLDAjE6beZ00aaABt

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks