Resubmissions

26-10-2024 05:40: 241026-gc9lgs1ame (score 9/10)

08-03-2024 02:26: 240308-cxb4hach94 (score 8/10)

General

  • Target

    a16a40d0182a87fc6219693ac664286738329222983bd9e70b455f198e124ba2.zip

  • Size

    309KB

  • Sample

    240308-cxb4hach94

  • MD5

    0204bbacf8a88e9b7dbc3ae7a040a4c9

  • SHA1

    87959bde294cff67d7262ce4b2f117a38642d943

  • SHA256

    a16a40d0182a87fc6219693ac664286738329222983bd9e70b455f198e124ba2

  • SHA512

    7c25ace20d1c005d48c714253d7f3b070b17d037fe6f02d100ffda06d2095cccfa3a831c1c94cd638489630177bd27ad3eeeb15c8e5898d0a8a150d8048601c2

  • SSDEEP

    6144:xxFLBhEzPZ4hxz2jd7c5asK2drxIfk1LU4wSy2lr8AjhsZduDZBUIURTvVa:9LBCzRYyc5aErxIfmLUey2lAAdsZQDZl

Malware Config

Targets

    • Target

      Talking_Points_for_China/KeyScramblerIE.DLL

    • Size

      175KB

    • MD5

      264152e46df9c02652e12d68d915485d

    • SHA1

      525e4610baf94791ad147ecc3001ab3f390ae8f6

    • SHA256

      316541143187acff1404b98659c6d9c8566107bd652310705214777f03ea10c8

    • SHA512

      c427af57ca47c2a9ba93097106f48202b4e089d6197a3483fba40b8da14de0d925524b5e0498012d1cdfb922a95bf061d8b65ee7ecc006bbc72bdd56d849ba55

    • SSDEEP

      3072:Vh9sKq2NGp6+i5F1Is1jsXHCdMQBzRvqpcnqKEqBz:VnsKq2NG4ss1jQHCOCopcq4z

    Score
    8/10
    • Blocklisted process makes network request

    • Adds Run key to start application

    • Target

      Talking_Points_for_China/Talking_Points_for_China.exe

    • Size

      500KB

    • MD5

      c790ebfcb6a34953a371e32c9174fe46

    • SHA1

      3ead08d8bbdb3afd851877cb50507b77ae18a4d8

    • SHA256

      fa7ad2f45128120bccc33f996f87a81faa2e9c1236666dd69b943a755f332eb1

    • SHA512

      74e3ab12b2a2d5c45c5248dd2225bfbcf237a01ef94fdca3fe99cfde11bd7d0ccd25dd7f26bd283997d951f4df7e8f4b35f9475a32bdb854d6cc8867b2c45554

    • SSDEEP

      6144:79UJaPbttKBfvX/b9NX7NVdRbjCNK617o41Nptp7Nu+1:7qkbtts3X/b9NX7NVdtC37p7NuK

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks