Resubmissions

22-03-2024 16:59

240322-vhpedsgb9v 7

22-03-2024 16:58

240322-vg3kmagb8y 1

General

  • Target

    MicrosoftEdgeSetup.exe

  • Size

    1.5MB

  • Sample

    240322-vhpedsgb9v

  • MD5

    b59386ec118b8b95d02f1e1b5a507e7f

  • SHA1

    1577e63c1c66a457162a3987e4f18dc37bd24122

  • SHA256

    39e4555e23cba84c99419fa6dde808448bab40f058912a81d5da3205874c1646

  • SHA512

    a710c68bd5300170ea1dab4b208451a80813649e69853de67336c2bbf3ab942b3ea7891e0f06791b545801246b4b8dc9589668b2f587cbf44b9d53a893dcb944

  • SSDEEP

    49152:/y+3Q/13Fc2eu2RVHSXoHGAPl76ojGqCVp:/yN3FVeRVHooHVP+Vp

Malware Config

Targets

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Downloads MZ/PE file

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks