General

  • Target

    08a7f76e2a0e811c47a367802f432725d7fedd9033f2721867c3cc207cdad2b1N.exe

  • Size

    127KB

  • Sample

    250119-p7k6daypem

  • MD5

    62d121c3754e57d0e7b2e65f2fd858e0

  • SHA1

    8fd4bf21565e9a01bc380813e3f2e11f90396bd5

  • SHA256

    08a7f76e2a0e811c47a367802f432725d7fedd9033f2721867c3cc207cdad2b1

  • SHA512

    daa038fdbf96aa30048dd006ec88ea10de73aa72a181b43b1e7f2aff40242d019ea851900e1e47f946fb4ff97c4ba799fca77179bdb5c23923662ac32df6f6ea

  • SSDEEP

    3072:bOjWuyt0ZHqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPb:bIH9OKofHfHTXQLzgvnzHPowYbvrjD/u

Targets

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
