General

  • Target

    afad2c4aca6c912a5b16a08c1f931bdedad628ca01bbe9486b7f06c64bdd8ccd.exe

  • Size

    549KB

  • Sample

    250115-3hqw8a1mcl

  • MD5

    6f4c9f261aff42d059d6314a993f357e

  • SHA1

    52099ce2644f59070392f384bf8eecb61d39f60c

  • SHA256

    afad2c4aca6c912a5b16a08c1f931bdedad628ca01bbe9486b7f06c64bdd8ccd

  • SHA512

    70d15c4fca804258c677dcbecefeabba00cc9eb5e0ba5628128af8b02929f5a89b4641d1926472f7536d829b6e577a9c66340e152b69fc6dbbf81d3043957ca9

  • SSDEEP

    6144:YBcsToNOF/VPzPnVu14MfrkEzmI0jL1cb71Xzb7J:kcso2V7Pc4Mzpz10vCH1f7J

Targets

    • Target

      afad2c4aca6c912a5b16a08c1f931bdedad628ca01bbe9486b7f06c64bdd8ccd.exe

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
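The signatures listed above are behavioural rules evaluated over the API calls the sandbox records while the sample runs. The Python below is an added example, not part of this report and not the sandbox's own signature code: it replays a constructed API trace (the file paths, registry key, handles and process blocklist are assumptions, not data logged from this sample) through one rule per signature named above and returns the set that fires. It shows the kind of evidence each signature rests on, for example that "Writes to the MBR" needs a raw-disk handle opened with write access and a write inside the first 512 bytes, and that "Executes dropped EXE" needs the executed path to have been written earlier in the same trace.

```python
import re

# Constructed API trace in the style of a sandbox behaviour log (not recorded from the sample).
SAMPLE_PATH = (r"C:\Users\Admin\AppData\Local\Temp"
               r"\afad2c4aca6c912a5b16a08c1f931bdedad628ca01bbe9486b7f06c64bdd8ccd.exe")
DROPPED_EXE = r"C:\Users\Admin\AppData\Roaming\svc\update.exe"   # assumed path
DROPPED_DLL = r"C:\Users\Admin\AppData\Roaming\svc\helper.dll"   # assumed path

GENERIC_WRITE = 0x40000000
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
BROWSER_DATA = re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.I)
RAW_DISK = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)
NON_C_ROOT = re.compile(r"^[ABD-Z]:\\\*?$", re.I)
NETWORK_APIS = {"InternetOpenUrlW", "HttpSendRequestW", "WSAConnect", "connect"}
# Assumed blocklist: LOLBins that have no business originating network traffic in a sandbox run.
BLOCKLISTED_IMAGES = {"regsvr32.exe", "mshta.exe", "rundll32.exe"}

TRACE = [
    {"pid": 1000, "image": SAMPLE_PATH, "api": "CreateFileW", "access": 0x80000000,
     "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 1000, "image": SAMPLE_PATH, "api": "FindFirstFileW", "path": r"D:\*"},
    {"pid": 1000, "image": SAMPLE_PATH, "api": "WriteFile", "path": DROPPED_EXE},
    {"pid": 1000, "image": SAMPLE_PATH, "api": "WriteFile", "path": DROPPED_DLL},
    {"pid": 1000, "image": SAMPLE_PATH, "api": "RegSetValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "svc", "data": DROPPED_EXE},
    {"pid": 1000, "image": SAMPLE_PATH, "api": "CreateProcessW", "path": DROPPED_EXE, "child_pid": 1100},
    {"pid": 1100, "image": DROPPED_EXE, "api": "LoadLibraryW", "path": DROPPED_DLL},
    {"pid": 1100, "image": DROPPED_EXE, "api": "CreateFileW", "path": r"\\.\PhysicalDrive0",
     "access": GENERIC_WRITE, "handle": 0x1F4},
    {"pid": 1100, "image": DROPPED_EXE, "api": "WriteFile", "handle": 0x1F4, "offset": 0, "size": 512},
    {"pid": 1200, "image": r"C:\Windows\System32\mshta.exe", "api": "InternetOpenUrlW",
     "url": "http://example.invalid/"},
    {"pid": 1000, "image": SAMPLE_PATH, "api": "DeleteFileW", "path": SAMPLE_PATH},
]


def evaluate(trace):
    """Return the set of signature names that fire on an API trace."""
    hits = set()
    dropped = set()           # paths written by a traced process (candidate drops)
    raw_disk_handles = set()  # handles opened on \\.\PhysicalDriveN with write access
    for ev in trace:
        api, path = ev["api"], ev.get("path", "")
        lower = path.lower()
        if api == "WriteFile" and path:
            dropped.add(lower)
        if api == "CreateProcessW" and lower in dropped and lower.endswith(".exe"):
            hits.add("Executes dropped EXE")
        if api == "LoadLibraryW" and lower in dropped and lower.endswith(".dll"):
            hits.add("Loads dropped DLL")
        if api == "DeleteFileW" and lower == ev["image"].lower():
            hits.add("Deletes itself")
        if api == "RegSetValueExW" and RUN_KEY.search(ev["key"]):
            hits.add("Adds Run key to start application")
        if api == "CreateFileW" and BROWSER_DATA.search(path):
            hits.add("Reads user/profile data of web browsers")
        if api in ("FindFirstFileW", "CreateFileW") and NON_C_ROOT.match(path):
            hits.add("Enumerates connected drives")
        if api == "CreateFileW" and RAW_DISK.match(path) and ev.get("access", 0) & GENERIC_WRITE:
            raw_disk_handles.add(ev["handle"])
        # MBR = first sector of the raw disk; a write within the first 512 bytes of a
        # write-capable raw-disk handle is the evidence the bootkit signature rests on.
        if api == "WriteFile" and ev.get("handle") in raw_disk_handles and ev.get("offset", 0) < 512:
            hits.add("Writes to the Master Boot Record (MBR)")
        if api in NETWORK_APIS and ev["image"].rsplit("\\", 1)[-1].lower() in BLOCKLISTED_IMAGES:
            hits.add("Blocklisted process makes network request")
    return hits


if __name__ == "__main__":
    for name in sorted(evaluate(TRACE)):
        print(name)
```

Each rule is deliberately stateful where the signature needs it: drops are remembered before "executes"/"loads" can fire, and the raw-disk rule ties the write back to the handle's open access mask, so a read-only open of `\\.\PhysicalDrive0` (common for disk-inventory tools) does not trigger it.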
