General
-
Target
60b8ccfafebf9370aafd305184cf54e8ad83533d994ccb978cdea5bd0ffc22caN.exe
-
Size
233KB
-
Sample
241120-d86mxs1ckn
-
MD5
ba80677a2c79d42b65004d1a0b881ef0
-
SHA1
58276b234263d72ea688f044baea5268da27f7ca
-
SHA256
60b8ccfafebf9370aafd305184cf54e8ad83533d994ccb978cdea5bd0ffc22ca
-
SHA512
8581ecddd1f0482b6c98040c86cb1b2267f7b69110e056980f1858ddf239a3569728296a346ceff5217a5700b25197d3f0bb3049ff15ad852c8f9c683f1f8554
-
SSDEEP
6144:ZCttTu7ZQoEI/EcmwFPa7qSLtpcNE+89wn4y8k:QttTUYI/Nha7qSL/EE+94y
Malware Config
Targets
-
-
Target
60b8ccfafebf9370aafd305184cf54e8ad83533d994ccb978cdea5bd0ffc22caN.exe
-
Size
233KB
-
MD5
ba80677a2c79d42b65004d1a0b881ef0
-
SHA1
58276b234263d72ea688f044baea5268da27f7ca
-
SHA256
60b8ccfafebf9370aafd305184cf54e8ad83533d994ccb978cdea5bd0ffc22ca
-
SHA512
8581ecddd1f0482b6c98040c86cb1b2267f7b69110e056980f1858ddf239a3569728296a346ceff5217a5700b25197d3f0bb3049ff15ad852c8f9c683f1f8554
-
SSDEEP
6144:ZCttTu7ZQoEI/EcmwFPa7qSLtpcNE+89wn4y8k:QttTUYI/Nha7qSL/EE+94y
Score7/10-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1