General

  • Target

    108fa5622e3cc2f8f527d572634c1d49bd7b17c0824b69894deda81c0d352abb

  • Size

    127KB

  • Sample

    250119-y5kw9svlgq

  • MD5

    7cf810a533601e0e51db360e91966df9

  • SHA1

    4a6cc4135480d0ca1e9f5415ecc989f23efef149

  • SHA256

    108fa5622e3cc2f8f527d572634c1d49bd7b17c0824b69894deda81c0d352abb

  • SHA512

    a4e703cbe57ab966fe3c1d66176c52b807453a6937b6c62a7b23de4fc772a6b89724b755479ba5a0d6527dbaa9fab46c7420de7b2a6e01d03d4d51cb435b8c4a

  • SSDEEP

    3072:KOjWuyt0ZHqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPb:KIH9OKofHfHTXQLzgvnzHPowYbvrjD/u
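Before spending analysis time on a sample pulled from a feed, confirm it is the same file the report describes. The helper below is an added example, not part of the report or the sandbox's tooling: it computes the four hashes listed above in one pass over the file and reports which of them disagree with the expected values. The `REPORTED` table is copied from this page; the `abc` byte string used in the self-check is a constructed input, and SSDEEP is deliberately left out because it needs the separate `ssdeep` library.

```python
import hashlib
import hmac

# Values reported for this sample on the page; a mismatch means you are not
# holding the file the report analysed (or the download was corrupted).
REPORTED = {
    "md5": "7cf810a533601e0e51db360e91966df9",
    "sha1": "4a6cc4135480d0ca1e9f5415ecc989f23efef149",
    "sha256": "108fa5622e3cc2f8f527d572634c1d49bd7b17c0824b69894deda81c0d352abb",
    "sha512": (
        "a4e703cbe57ab966fe3c1d66176c52b807453a6937b6c62a7b23de4fc772a6b8"
        "9724b755479ba5a0d6527dbaa9fab46c7420de7b2a6e01d03d4d51cb435b8c4a"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_chunks(chunks):
    """Feed an iterable of byte chunks to all four hashes in a single pass."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Hash an in-memory buffer (used for small samples and for the self-check)."""
    return digest_chunks([data])


def digest_file(path, chunk_size=1 << 20):
    """Hash a file from disk without loading it fully into memory."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def mismatches(actual, expected=REPORTED):
    """Return the names of hashes that disagree with the report.

    Hex digests are compared case-insensitively with a constant-time
    comparison; an algorithm missing from `expected` is skipped.
    """
    bad = []
    for name in ALGORITHMS:
        if name not in expected:
            continue
        if not hmac.compare_digest(actual[name].lower(), expected[name].lower()):
            bad.append(name)
    return bad


def verify_file(path, expected=REPORTED):
    """True only if every reported hash matches the file at `path`."""
    return not mismatches(digest_file(path), expected)


if __name__ == "__main__":
    import sys
    sample = sys.argv[1]
    bad = mismatches(digest_file(sample))
    print("OK: sample matches report" if not bad else f"MISMATCH: {', '.join(bad)}")
```

Run it as `python verify.py <sample>`; a single mismatching algorithm is enough to stop, since all four hashes were taken over the same bytes and should agree or disagree together.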

Malware Config

Targets

    • Target

      108fa5622e3cc2f8f527d572634c1d49bd7b17c0824b69894deda81c0d352abb

    • Size

      127KB

    • MD5

      7cf810a533601e0e51db360e91966df9

    • SHA1

      4a6cc4135480d0ca1e9f5415ecc989f23efef149

    • SHA256

      108fa5622e3cc2f8f527d572634c1d49bd7b17c0824b69894deda81c0d352abb

    • SHA512

      a4e703cbe57ab966fe3c1d66176c52b807453a6937b6c62a7b23de4fc772a6b89724b755479ba5a0d6527dbaa9fab46c7420de7b2a6e01d03d4d51cb435b8c4a

    • SSDEEP

      3072:KOjWuyt0ZHqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPb:KIH9OKofHfHTXQLzgvnzHPowYbvrjD/u

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Matches a file packed with ACProtect (the 1.3x to 1.4x DLL signature), a commercial packer/protector. Expect the code of interest to be unpacked only at runtime.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target browser profile data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to access the root path of drives other than the default C: drive, i.e. it looks for additional volumes beyond the system drive.

    • Maps connected drives based on registry

      Reads disk information from the registry; this is commonly done to recognise sandbox or virtual-machine environments by their disk identifiers.

    • Drops file in System32 directory
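The behaviour signatures above are each a simple pattern over the sample's API activity. As an added example, not the sandbox's own signature engine, the code below maps a constructed API trace onto the same signature names used in this report. The trace format (a list of `(api, arguments)` tuples), the sample paths in it and the registry keys treated as disk-enumeration keys are all assumptions made for this example; the packer signature is a static check on the file and is not covered here.

```python
# Behaviour signatures matched over a constructed sandbox-style API trace.
# The trace format, paths and registry key choices are assumptions for this
# example and do not come from the report's own tooling.

RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
DRIVERS_DIR = r"c:\windows\system32\drivers\\"[:-1]
SYSTEM32_DIR = r"c:\windows\system32\\"[:-1]
BROWSER_PROFILE_MARKERS = (
    r"\google\chrome\user data\\"[:-1],
    r"\microsoft\edge\user data\\"[:-1],
    r"\mozilla\firefox\profiles\\"[:-1],
)
# Assumed registry locations that describe attached disks.
DISK_KEY_SUFFIXES = (
    r"\system\currentcontrolset\services\disk\enum",
    r"\system\mounteddevices",
)


def _norm(path):
    return path.lower().replace("/", "\\")


def match_signatures(trace):
    """Return the set of report signature names triggered by `trace`.

    Files the sample writes are remembered so that a later CreateProcess or
    LoadLibrary on the same path counts as executing/loading a dropped file.
    """
    hits = set()
    dropped = set()
    for api, args in trace:
        if api in ("CreateFileW", "CreateFileA"):
            path = _norm(args["path"])
            if "WRITE" in args.get("access", "").upper():
                dropped.add(path)
                if path.startswith(DRIVERS_DIR):
                    hits.add("Drops file in Drivers directory")
                if path.startswith(SYSTEM32_DIR):
                    hits.add("Drops file in System32 directory")
            elif any(m in path for m in BROWSER_PROFILE_MARKERS):
                hits.add("Reads user/profile data of web browsers")
        elif api in ("RegSetValueExW", "RegSetValueExA"):
            if _norm(args["key"]).endswith(RUN_KEY_SUFFIXES):
                hits.add("Adds Run key to start application")
        elif api in ("RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW"):
            if _norm(args["key"]).endswith(DISK_KEY_SUFFIXES):
                hits.add("Maps connected drives based on registry")
        elif api in ("GetDriveTypeW", "GetDriveTypeA", "FindFirstFileW"):
            root = _norm(args["path"])
            if root.endswith(":\\") and not root.startswith("c:"):
                hits.add("Enumerates connected drives")
        elif api in ("CreateProcessW", "CreateProcessA"):
            if _norm(args["path"]) in dropped:
                hits.add("Executes dropped EXE")
        elif api in ("LoadLibraryW", "LoadLibraryA", "LoadLibraryExW"):
            if _norm(args["path"]) in dropped:
                hits.add("Loads dropped DLL")
    return hits


# Constructed trace that exercises every behaviour signature in the report.
TRACE = [
    ("CreateFileW", {"path": r"C:\Windows\System32\drivers\netfltr.sys", "access": "GENERIC_WRITE"}),
    ("CreateFileW", {"path": r"C:\Users\victim\AppData\Roaming\upd.exe", "access": "GENERIC_WRITE"}),
    ("CreateFileW", {"path": r"C:\Users\victim\AppData\Roaming\helper.dll", "access": "GENERIC_WRITE"}),
    ("CreateFileW", {"path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data", "access": "GENERIC_READ"}),
    ("RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "Updater", "data": r"C:\Users\victim\AppData\Roaming\upd.exe"}),
    ("GetDriveTypeW", {"path": "C:\\"}),
    ("GetDriveTypeW", {"path": "D:\\"}),
    ("RegOpenKeyExW", {"key": r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"}),
    ("CreateProcessW", {"path": r"C:\Users\victim\AppData\Roaming\upd.exe"}),
    ("LoadLibraryW", {"path": r"C:\Users\victim\AppData\Roaming\helper.dll"}),
]

# Constructed benign trace: writes a document and checks only the system drive.
BENIGN_TRACE = [
    ("CreateFileW", {"path": r"C:\Users\victim\Documents\notes.txt", "access": "GENERIC_WRITE"}),
    ("GetDriveTypeW", {"path": "C:\\"}),
    ("CreateProcessW", {"path": r"C:\Windows\System32\notepad.exe"}),
]

if __name__ == "__main__":
    for name in sorted(match_signatures(TRACE)):
        print("  •", name)
```

Note that a write under `drivers` also fires the System32 signature, which is why the report lists both; when writing your own rules, decide whether the more specific match should suppress the general one.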

MITRE ATT&CK Enterprise v15

Tasks