General

  • Target

    40a1e70848921bb654ed081a44c7c107b4b1c09bc0c3c54f92c256e63bc042cc

  • Size

    94KB

  • Sample

    250701-j251psdq8x

  • MD5

    e0b9343754afb6d9ef3e513810a30d51

  • SHA1

    cf442171c7abcc844da00e628ce38651b01e1c90

  • SHA256

    40a1e70848921bb654ed081a44c7c107b4b1c09bc0c3c54f92c256e63bc042cc

  • SHA512

    591ba0b3704ace220a614a8319f3a5ad626a62af898da3a79330c66e7aa15f0b700547397bf99e5026546e916d86322cd33985f62ec72b4e54b52f1827259e00

  • SSDEEP

    1536:vRiAXaKD5gxzmwYEM/D3ozc4I8JboecWtX4u:piAXaKDeKNnD36cb8tIu

Malware Config

Targets

    • Blocklisted process makes network request

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v16

Tasks