General

  • Target

    4b3d67ab9023466d0a815fb04af6d7e3cf992d0ea06d2edb1231eb9f9ff4c09bN.exe

  • Size

    75KB

  • Sample

    250115-1npj8swlcw

  • MD5

    d1ffe29bfdc814afdd797f28f7e4eb80

  • SHA1

    a1465f461725e46677deca09997a628e618a8206

  • SHA256

    4b3d67ab9023466d0a815fb04af6d7e3cf992d0ea06d2edb1231eb9f9ff4c09b

  • SHA512

    eb97d7a27ab4f7242b03f8027eabc7b1190919081f1625bb7b1a70b40eebf95426665ad6c2933395c288b9a7b9b2f2db6090ce68011cd7e7c2752b3167d5e9e6

  • SSDEEP

    1536:Mx1Qja7luy6y0s4sqfkbnAKBOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3E:kOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPM

Malware Config

Targets

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks