General

  • Target

    0ccbdecdee3487a25cb6c4d28eedca7c5d84e77485baed86c1b0dd270331cc24

  • Size

    226KB

  • Sample

    250119-ysff1stqan

  • MD5

    9884f0b3f832e098188c1ed7a8f2f46f

  • SHA1

    722767ad8446005d1315eb6a95cb7fed2964c047

  • SHA256

    0ccbdecdee3487a25cb6c4d28eedca7c5d84e77485baed86c1b0dd270331cc24

  • SHA512

    b45c42b307617176d23e68e6e3d70ff5f451dc5fd8f4abc1b3ac59bc919d683a1cfb6cb418cf3112e3583fa58fffbf9dbe5e6153476b076dee02bef533e335cc

  • SSDEEP

    6144:JIs9OKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPFsEPAsKCtZ0:wKofHfHTXQLzgvnzHPowYbvrjD/L7QPS

Malware Config

Targets

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks