General

  • Target

    OneLaunch - PDF_i3nxg.exe

  • Size

    3.2MB

  • Sample

    240222-ttb3rscc4z

  • MD5

    6a05cd2d9491ef255c709724b782b476

  • SHA1

    6ce3f0f26a1e3fefe7ddb63e838d90908929c0b6

  • SHA256

    b5a9381d8ea317ba2bedbda0d9b858a3cad1b09528f63761fe5c4bd0de5098a8

  • SHA512

    e7b6d7df9a396484c64994dbad32e6ddcc9f8f38ce946633dcbfa5876c19235650025cde68cf46cc43b3c04c0638864a1023ab5a5c60bc2e9162b7b135cd84fc

  • SSDEEP

    49152:rqe3f6RzHE7EZ0+H0OsvEaRA89WUU2M6gnGujqVX5rIJwI2J5PiH7nBGtO:mSiRzHE7EDHGTpWG0jgJLTiH7BUO

Malware Config

Targets

    • Target

      OneLaunch - PDF_i3nxg.exe

    • Size

      3.2MB

    • MD5

      6a05cd2d9491ef255c709724b782b476

    • SHA1

      6ce3f0f26a1e3fefe7ddb63e838d90908929c0b6

    • SHA256

      b5a9381d8ea317ba2bedbda0d9b858a3cad1b09528f63761fe5c4bd0de5098a8

    • SHA512

      e7b6d7df9a396484c64994dbad32e6ddcc9f8f38ce946633dcbfa5876c19235650025cde68cf46cc43b3c04c0638864a1023ab5a5c60bc2e9162b7b135cd84fc

    • SSDEEP

      49152:rqe3f6RzHE7EZ0+H0OsvEaRA89WUU2M6gnGujqVX5rIJwI2J5PiH7nBGtO:mSiRzHE7EDHGTpWG0jgJLTiH7BUO

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Detected potential entity reuse from brand google.

MITRE ATT&CK Enterprise v15

Tasks