General

  • Target

    113c5aef12578e3462617a7649e10cf589e1e1da5d848c1c25dafa93209435a5

  • Size

    180KB

  • Sample

    241121-yj431swkav

  • MD5

    56ad9c47049c31318cfea3b8bbfc0068

  • SHA1

    75f479853264520758443b447f87a5e9978eb045

  • SHA256

    113c5aef12578e3462617a7649e10cf589e1e1da5d848c1c25dafa93209435a5

  • SHA512

    e1418a0f072471f293429b8c7a9fe8baac22db6d5c57785b8bc065804ce1000c6b9e98fd4e8cf3cea27aef9bff58dad5311d93dafc9c758ea140aa78713f14ac

  • SSDEEP

    3072:R/q9D8TGRg+2P0XSE0+7GHms91/Eg+lJKkarUTKeaVa/+UJCmwEgC5Vi8tvuGl2:I8CgNPISQXsj/MlmYHOa/BJlwEgC5Vin

Targets

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15