General

  • Target

    iobit_malware_fighter_setup.exe

  • Size

    59.4MB

  • Sample

    240323-y8wsyaca57

  • MD5

    eabd305c1f970265070ba9805af13e38

  • SHA1

    194e520ba6de81f501c80177b996aef3d6a7ae71

  • SHA256

    fa26ce0bf6d40278d5a1ad78681df5a38313d0dcff7276c45f3093650fae3026

  • SHA512

    50e0550b99e1ea9b258aeda487f57aab0d081aa9069dc22a71596a5a1f12874956383ef5c16f9d86909bed71cf498ea7e9448d533a992decc91c10b95391cded

  • SSDEEP

    1572864:GUO+jzYY+eKqWtGw1n8nPzGYZfeOKddCQg6fpez3q1kQJf:X3p+VOwePzzKPCQg6fpezAV

Targets

    • Target

      iobit_malware_fighter_setup.exe

    • Drops file in Drivers directory

    • Stops running service(s)

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Downloads MZ/PE file

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
