General

  • Target

    fa8f3cdeaed3745998904a6ea6e98b3e01860e53ec275582e6987bacfa0c131d

  • Size

    204KB

  • Sample

    241122-hxj21askhm

  • MD5

    2adad827414aeb3ab133364ec38181f5

  • SHA1

    3a685519c2038bbdad750e3e9db993bf48eb4972

  • SHA256

    fa8f3cdeaed3745998904a6ea6e98b3e01860e53ec275582e6987bacfa0c131d

  • SHA512

    aad294110f8d450306c843fe4ed389ce97cd2224ca0253839e8d93f7da43487ea20b3f0971e9c29b15bb0d2c581f90c0ecec1a4fb6e7add9bd2c3fb9d1c85554

  • SSDEEP

    3072:fP5gvNVLIfHQja1RfmLQADwSKkhU+tLgT5lODbiC8r1PkT:X2vnSwjaOcADw9cUeCOf

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15