General

  • Target

    e8017c9ecacc7f772a2ad6c0b0030eb639c0b51faf0afbb56e22617026910c55

  • Size

    69KB

  • Sample

    250119-mwtl9svngl

  • MD5

    540e2339916f9533501eec1eac84f714

  • SHA1

    26a739a9fb434aeafe36e3abe0fdb5a574d10e8c

  • SHA256

    e8017c9ecacc7f772a2ad6c0b0030eb639c0b51faf0afbb56e22617026910c55

  • SHA512

    069acc102be3c1206f0e511f4781c3d1eb3551b174b3f4349183ba83ee5307f53387e3a5c1061a5de534d53b929674ec7cdd7ff700b2229f9127b2b5a7b5e826

  • SSDEEP

    768:qGHV45EDE477AZbUJx0rZGE3jCELoiMMj6hZ3nE+EXVmkDbjRL8Khc15Z6J1SqG:qG14P477AxUYrZGoC09k0SkTRHhWqPJG

Malware Config

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks