General

  • Target

    OneLaunch.exe

  • Size

    67.7MB

  • Sample

    240214-ma7l1agg83

  • MD5

    8890a4365e84c19b0bfb84bad31eaaed

  • SHA1

    d143943b35cbb0c70fc51c6b0dcd345968b15eba

  • SHA256

    5810ad9b0690eddcf276a6e90ce2efff927765cbf5304d8abf8e55ac979bcacb

  • SHA512

    f262ebcb8cf8518dd2a4a1bc4d30cfe24fe1feba921ec186a976f63a69b084b973c8aab79c40d8c2ec1d23ccca168399d4678e4e9f1a21a2d8c5b28b964fa734

  • SSDEEP

    1572864:lwsruw6ZK1JygiF6mvw9MjlZL40m3U8YNAf0ewY:lvrunZu8lwMjfm3Uyn

Malware Config

Targets

    • Target

      OneLaunch.exe

    • Size

      67.7MB

    • MD5

      8890a4365e84c19b0bfb84bad31eaaed

    • SHA1

      d143943b35cbb0c70fc51c6b0dcd345968b15eba

    • SHA256

      5810ad9b0690eddcf276a6e90ce2efff927765cbf5304d8abf8e55ac979bcacb

    • SHA512

      f262ebcb8cf8518dd2a4a1bc4d30cfe24fe1feba921ec186a976f63a69b084b973c8aab79c40d8c2ec1d23ccca168399d4678e4e9f1a21a2d8c5b28b964fa734

    • SSDEEP

      1572864:lwsruw6ZK1JygiF6mvw9MjlZL40m3U8YNAf0ewY:lvrunZu8lwMjfm3Uyn

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofencing check so the payload only runs (or refuses to run) in particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Detected potential entity reuse from the brand Google.
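
The signatures above are what a sandbox reports; on a host you need the equivalent logic over your own telemetry. The script below is an added example, not part of the report or of the OneLaunch sample, that maps Sysmon-style registry, file and DNS events to the same five behaviour names. The report does not say which registry keys or hostnames the sample actually touched, so the paths and lookup services encoded here are assumptions about what each signature usually fires on (the standard Run key, the Uninstall hive, Control Panel\International\Geo, Chrome/Firefox profile files, common IP-echo services); the events fed to it are constructed, including two benign ones that must not fire.

```python
"""Map constructed host telemetry to the behaviours named in the sandbox report."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Well-known locations behind each signature. The report does not name the exact
# keys, files or hosts the sample used, so treat these patterns as assumptions.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
BROWSER_DATA_RE = re.compile(
    r"(\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)"
    r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite))$", re.I)
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ifconfig.me", "icanhazip.com",
                   "checkip.amazonaws.com"}
UNINSTALL_ENUM_THRESHOLD = 3  # distinct Uninstall subkeys before calling it enumeration


@dataclass(frozen=True)
class Event:
    kind: str    # "reg_query", "reg_set", "file_read" or "dns"
    image: str   # process image name, e.g. "OneLaunch.exe"
    target: str  # registry path, file path or queried hostname


def detect(events):
    """Return {image: set(behaviour names)} using the report's own signature names."""
    hits = defaultdict(set)
    uninstall_keys = defaultdict(set)
    for ev in events:
        if ev.kind in ("reg_query", "reg_set"):
            if GEO_KEY_RE.search(ev.target):
                hits[ev.image].add("Checks computer location settings")
            # Only a value write under Run is persistence; reads are common and noisy.
            if ev.kind == "reg_set" and RUN_KEY_RE.search(ev.target):
                hits[ev.image].add("Adds Run key to start application")
            m = UNINSTALL_KEY_RE.search(ev.target)
            if m:
                uninstall_keys[ev.image].add(m.group(2).lower())
        elif ev.kind == "file_read":
            # A browser reading its own profile is normal; any other image doing so is not.
            if BROWSER_DATA_RE.search(ev.target) and ev.image.lower() not in BROWSERS:
                hits[ev.image].add("Reads user/profile data of web browsers")
        elif ev.kind == "dns":
            if ev.target.lower() in IP_LOOKUP_HOSTS:
                hits[ev.image].add("Looks up external IP address via web service")
    # One Uninstall lookup is ordinary; many distinct subkeys from one process is enumeration.
    for image, keys in uninstall_keys.items():
        if len(keys) >= UNINSTALL_ENUM_THRESHOLD:
            hits[image].add("Checks installed software on the system")
    return dict(hits)


# Constructed telemetry for illustration; not taken from the report.
SAMPLE_EVENTS = [
    Event("reg_query", "OneLaunch.exe", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("reg_set", "OneLaunch.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneLaunch"),
    Event("reg_query", "OneLaunch.exe",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName"),
    Event("reg_query", "OneLaunch.exe",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    Event("reg_query", "OneLaunch.exe",
          r"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName"),
    Event("file_read", "OneLaunch.exe",
          r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("dns", "OneLaunch.exe", "api.ipify.org"),
    # Benign noise that must not fire: the browser reading its own store, a single Uninstall read.
    Event("file_read", "chrome.exe",
          r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("reg_query", "explorer.exe",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
]

if __name__ == "__main__":
    for image, behaviours in sorted(detect(SAMPLE_EVENTS).items()):
        print(image)
        for name in sorted(behaviours):
            print("  -", name)
```

The two exclusions are where most of the value lies: a Run-key read or a single Uninstall lookup is everyday noise, and browsers legitimately read their own credential stores, so the rules key on writes, on breadth of enumeration, and on which image is doing the reading. "Executes dropped EXE", "Loads dropped DLL" and "Legitimate hosting services abused" need process-tree and network context that this event shape does not carry.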

MITRE ATT&CK Enterprise v15

Tasks