General

  • Target

    8b261e7c8d90807956657fbde3db5f7588aea3df21173d150a48b26a43f958f0.exe

  • Size

    122KB

  • Sample

    250119-qe8lmsymey

  • MD5

    3f3a35263138282e229bd5192012c5d6

  • SHA1

    755b1a94c804c554aa707a668952d137a20f81f1

  • SHA256

    8b261e7c8d90807956657fbde3db5f7588aea3df21173d150a48b26a43f958f0

  • SHA512

    4f896e2fadeeccf76c95b60a1786f144af3eecebe6f1940153fc03013fc41d3e96700dd38c826dee96bd03c4ee4c4b3a55c84fee21b232ea52e4649695924fff

  • SSDEEP

    3072:rOJ5tQa0F9WnSHQofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPP0:rwktHQofHfHTXQLzgvnzHPowYbvrjD/p

Malware Config

Targets

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks