General
Target: 4a0ddb06b4662018f7013a9f377e721b8052b8450ce6e30e9a3ec05ca206e7fc.dll
Size: 134KB
Sample: 241120-c39a7aydkb
MD5: df8643701bd8d813ac0b5bf01ace46b4
SHA1: 9c68c7f4eb2ac4026ba3f8389ab46d61c2085370
SHA256: 4a0ddb06b4662018f7013a9f377e721b8052b8450ce6e30e9a3ec05ca206e7fc
SHA512: 0edbc4dc3378b21ea0588164969c4ac88fb468d05bbd517edb083401709ab95708b29f37ff356222046f69c8777d48671d6914e4b9effcfe7b49039ee4ab3ae3
SSDEEP: 3072:Mz9IOfAdv1qacKNQTtP0KuYjbi7Gp0N9DL8:MzOOfAdv1XaPduYjbEf8
Behavioral task: behavioral1
Sample: 4a0ddb06b4662018f7013a9f377e721b8052b8450ce6e30e9a3ec05ca206e7fc.dll
Resource: win7-20240903-en
Malware Config
Targets
Blocklisted process makes network request
Adds Run key to start application
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Writes to the Master Boot Record (MBR): Bootkits write to the MBR to gain persistence at a level below the operating system.
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Pre-OS Boot (1)
    Bootkit (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)