General

  • Target

    3bff088d0a25ac3ace40f3abbe7c3fb78dfab6a3328f215b7ee4a701c39b0eef

  • Size

    98KB

  • Sample

    250701-gpexmseq4v

  • MD5

    06f77e0e34510089cdcab809711181ba

  • SHA1

    39bfd46261b13a8aba221929faea0777e235161f

  • SHA256

    3bff088d0a25ac3ace40f3abbe7c3fb78dfab6a3328f215b7ee4a701c39b0eef

  • SHA512

    0be0e762e8df35a50851ba8a88fd09e958e1018df8ff7f3853e1ddabce33538271448d39f02cfea31f867a4d38e3332734cde21be402f3bbcd41b568ce16eb4f

  • SSDEEP

    1536:vRiAXaKD5gxzmwYEM/D3ozc4I8JboecWtX4:piAXaKDeKNnD36cb8tI

Malware Config

Targets

    • Target

      3bff088d0a25ac3ace40f3abbe7c3fb78dfab6a3328f215b7ee4a701c39b0eef

    • Size

      98KB

    • MD5

      06f77e0e34510089cdcab809711181ba

    • SHA1

      39bfd46261b13a8aba221929faea0777e235161f

    • SHA256

      3bff088d0a25ac3ace40f3abbe7c3fb78dfab6a3328f215b7ee4a701c39b0eef

    • SHA512

      0be0e762e8df35a50851ba8a88fd09e958e1018df8ff7f3853e1ddabce33538271448d39f02cfea31f867a4d38e3332734cde21be402f3bbcd41b568ce16eb4f

    • SSDEEP

      1536:vRiAXaKD5gxzmwYEM/D3ozc4I8JboecWtX4:piAXaKDeKNnD36cb8tI

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v16

Tasks