General
-
Target
6831f236816f9799458cff0c50116bcc3029f57e8cd8ab181204bc914789c1df.dll
-
Size
97KB
-
Sample
241120-dahs7syelg
-
MD5
8ae5deac29c6d351c2376da97b75b88a
-
SHA1
e999daea87b481d11b4fd8559bdd3d68516dc0ef
-
SHA256
6831f236816f9799458cff0c50116bcc3029f57e8cd8ab181204bc914789c1df
-
SHA512
a69fd417bda9b491924222066f77172c6c2a217ec6e9269f4037ff2953afb7148a31465f48705480ccc862e10c86185cb595482b9ed9c93a4dd48194396b0582
-
SSDEEP
3072:BDpG6gzgHr5tCmfk455ecDBkdq+SStvAbGh:5pG6Sg9txRk/SS6bGh
Behavioral task
behavioral1
Sample
6831f236816f9799458cff0c50116bcc3029f57e8cd8ab181204bc914789c1df.dll
Resource
win7-20240903-en
Malware Config
Targets
-
Blocklisted process makes network request
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
- Pre-OS Boot: 1
- Bootkit: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 1
- Registry Run Keys / Startup Folder: 1
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 1
- Credentials In Files: 1