General

  • Target

    238dc1f34ea5315e6f79bbc6ae1a20bf7fdc24d650845388957a874d018743af

  • Size

    152KB

  • Sample

    250127-zavzesvndr

  • MD5

    b330a11baf33c84c1ddd1525eaf06041

  • SHA1

    5b307677816474d0e329b2d2baafd092fcc1a0c5

  • SHA256

    238dc1f34ea5315e6f79bbc6ae1a20bf7fdc24d650845388957a874d018743af

  • SHA512

    d7a1172caa4dbaa7469edca809cd60d52d55720c7f83b8912187f39d406704f6b92adb9d2931ac84802566f7e022196dd951447518159fbb76c4f2d40837504a

  • SSDEEP

    3072:JOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPV:JIs9OKofHfHTXQLzgvnzHPowYbvrjD/q

Targets

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
