General

  • Target

    5535d270028a80d69383fc25dbb19a46722bfb0c1c095e28ed9f1adc80f11f63.exe

  • Size

    122KB

  • Sample

    250115-3mpjys1nfr

  • MD5

    983b0adae9527d6fe994d33bd2f091f1

  • SHA1

    5e4b289d0b98a5b3509f6c639ebc7174d5b1652e

  • SHA256

    5535d270028a80d69383fc25dbb19a46722bfb0c1c095e28ed9f1adc80f11f63

  • SHA512

    52663381533b594a81aed50c0c4cab192b35e8178ad6daf4b385c7147da363ba0b452dfb34ab73268a023ccfb140a28e0da95c90b2afb697eb57d3f7b9f867d0

  • SSDEEP

    3072:OOJ5tQa0F9WnSHQofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPP0:OwktHQofHfHTXQLzgvnzHPowYbvrjD/5

Malware Config

Targets

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks