General
Target: 6c728abd9ba37ea16de7ef5d4a088a787cd042e3554f9a2ea01ed0db4415cb39.dll
Size: 300KB
Sample: 241120-da59haynfx
MD5: 553beef27194ac96e8617e7d97fa2c14
SHA1: 894a7b53f0d93ef6db2d24e2b3c19ba2d596bd62
SHA256: 6c728abd9ba37ea16de7ef5d4a088a787cd042e3554f9a2ea01ed0db4415cb39
SHA512: 26b22dcf8dc4ce30104f96c1810c8bbba53edb2a1004085c910901e46feacef354e5bdf17a9b881d8d71cc6065022a69af8efff78e08b1cdeef956741b181f5e
SSDEEP: 6144:C6QWdZfgzkudDcP2tb4jSUE2Hk90TF1P42fybr:C+AQHPBCaoP

Behavioral task: behavioral1
Sample: 6c728abd9ba37ea16de7ef5d4a088a787cd042e3554f9a2ea01ed0db4415cb39.dll
Resource: win7-20240729-en
Malware Config
Targets
-
Blocklisted process makes network request
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution
    Registry Run Keys / Startup Folder
  Pre-OS Boot
    Bootkit
Privilege Escalation
  Boot or Logon Autostart Execution
    Registry Run Keys / Startup Folder
Credential Access
  Credentials from Password Stores
    Credentials from Web Browsers
  Unsecured Credentials
    Credentials In Files