Resubmissions

  • 21-01-2023 16:42    230121-t7mfnaeh8z    10

  • 21-01-2023 16:00    230121-tfy1dada75    10

  • 21-01-2023 15:57    230121-td759sda69    10

General

  • Target

    Install.exe

  • Size

    4.2MB

  • Sample

    230121-t7mfnaeh8z

  • MD5

    1d3cf58f93934855a05a2388a9f46188

  • SHA1

    b20fe8c0e418f5ed18bbac16fffd66ec202d514a

  • SHA256

    20cf945541d245468ff9f86e3339a5ce537e33ed06951f3f2dcc6acdcf90a31e

  • SHA512

    f8dd1cec6cdd8f5b2493d5ddccd514e17302ff132754d73a58e55b31378487ef97e237dbf0156ac4a7cfb5f0f12a5d5de0d9700cf899d9dca4a0324d42050eed

  • SSDEEP

    98304:1jCTlw6nmA0frFSoP9LAH+Jlt7D1QHGylt4iw+:ywTXZxLAH+j91QHLtrw+

Malware Config

Targets

    • Target

      Install.exe

    • Size

      4.2MB

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to discover the infected system's external IP address.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 4

    System Information Discovery (T1082): 4

    Peripheral Device Discovery (T1120): 1

  • Collection

    Data from Local System (T1005): 1

Tasks