General

  • Target

    tif.exe

  • Size

    603KB

  • Sample

    240303-ajm8haae8y

  • MD5

    889a8de7e88cbb32398b4219d7145de5

  • SHA1

    446b7ec32dcbdde510722be67edd8f355e32bf7b

  • SHA256

    28fe7130c142722ff8b32f513ad98ef67d0f728f6a94b3cde432706c8c0cd264

  • SHA512

    2b4a05459995d32a60353ccf616d7e1a80e2843fb323998bf53e4b67d8d48076ee363bb7c0ff4f50f2198818d0847058c0c00e1ee536fb3654cab737c10414da

  • SSDEEP

    12288:0ctEagGmcl4gBF1BRnI6hAVebOe1o6Nga8FM7OMLczPifSLshw0/uKXkIIMYuFkZ:VR+cl7X1BRnI6hmebOe1n7mMlLczPikB

Malware Config

Targets

    • Target

      tif.exe

    • Size

      603KB

    • MD5

      889a8de7e88cbb32398b4219d7145de5

    • SHA1

      446b7ec32dcbdde510722be67edd8f355e32bf7b

    • SHA256

      28fe7130c142722ff8b32f513ad98ef67d0f728f6a94b3cde432706c8c0cd264

    • SHA512

      2b4a05459995d32a60353ccf616d7e1a80e2843fb323998bf53e4b67d8d48076ee363bb7c0ff4f50f2198818d0847058c0c00e1ee536fb3654cab737c10414da

    • SSDEEP

      12288:0ctEagGmcl4gBF1BRnI6hAVebOe1o6Nga8FM7OMLczPifSLshw0/uKXkIIMYuFkZ:VR+cl7X1BRnI6hmebOe1n7mMlLczPikB

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

MITRE ATT&CK Enterprise v15

Tasks