General

  • Target: 7809e81a6942d4324148568793d546443fa4527015759b17a653e1d157475958.exe
  • Size: 352KB
  • Sample: 250119-yhxbsatlgp
  • MD5: 15a0745bcc3f2cfea86cd1e3d80317ee
  • SHA1: c371bdd9da789f4bf2d0fe67594dcc94c99cb794
  • SHA256: 7809e81a6942d4324148568793d546443fa4527015759b17a653e1d157475958
  • SHA512: 8421f273eed5ffcfef604c7a989dbcdcf8493d3d22d15e68d3c4abb72674be7fcdbbbfcd8f22892cbcdee87f3b473a14512ea39a5c8b50294ff08f28068bb5ac
  • SSDEEP: 6144:zIs9OKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPFsEPAsKCe8m:WKofHfHTXQLzgvnzHPowYbvrjD/L7QPe

Targets

    • Target: 7809e81a6942d4324148568793d546443fa4527015759b17a653e1d157475958.exe

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
