General

  • Target

    tif.exe

  • Size

    603KB

  • Sample

    240304-3w9w9agf6v

  • MD5

    a78a91820621a11c3e32a6a493d8117a

  • SHA1

    23a425b2f44acab018bf18ca3887a07856c45bdd

  • SHA256

    3a282932054de2fdecc1d69633e359f673994fd5677f30972605617fdaa773fc

  • SHA512

    ecd26164c2b55d32a03491d123f45a328b76bf6575139cabbe669b7dbdc3b07b0abb120c8c4acebccaa9f045a9afcb390bebf800135df1a8d8f72040ba6ad1ec

  • SSDEEP

    12288:0ctEagGmcl4gBF1BRnI6hAVebOe1o6Nga8FM7OMLczPifSLshw0/uKXkIIMYuFk2:VR+cl7X1BRnI6hmebOe1n7mMlLczPik+

Targets

    • Modifies Windows Firewall

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory
