Resubmissions

  • 07-04-2024 23:06  240407-23wgrshd72  7
  • 07-04-2024 22:33  240407-2gjwvage2w  7
  • 07-04-2024 22:21  240407-193nzsgd62  3

General

  • Target: Judosa_Point.rar
  • Size: 73.5MB
  • Sample: 240407-23wgrshd72
  • MD5: def5592d03bc4b81ec15d3781b7f3116
  • SHA1: 911424ea344c6d8882c096fb5d805850d541b570
  • SHA256: 4ef44954ca1192d62c7305a7ba83986a3c98744a112ae7b4ea5a1afe635f5887
  • SHA512: 842f2a7ce881313609ee7dc542a4ebee2a18fba51367f426270281ec6e25bf92519a9b579460822e9495389d6a889ab653acb839cb5a7a4f9c36c7d29a3f72ad
  • SSDEEP: 1572864:Nq/R0P0czoCx3D0frZCsmHaOl2/IzA7kfzIp8sQk/JwjkIq7xx:YLczoS3oZCRfW/7kLIp8g/yjLq7xx

Targets

    • Target: Judosa Point.exe
    • Size: 73.4MB
    • MD5: eb3f4d5675cb14b5319088e6f467e75a
    • SHA1: a6761e558df1db71137ac621bd305def9f77814b
    • SHA256: 972c671ab90ff0f6918f9e50b5c03ba03eb137a103d58c8f9296a45198e5795f
    • SHA512: b00d4eb2e8802c20b50674d9f0d4de655fb157727f7a85b28adf77a72d9485c79ffe2358e0ff65de5ceaa38e90fed6d00a00f1f816607220b73778a1ae36504b
    • SSDEEP: 1572864:PpJ39Kk9MjWKCKVM5B8ceyIS7nqYdd6hIEhSmnJZxRByuZXFqsB:Pwk9MjxCSE/vP7nMhJnzxRB5ZX5B

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials, cookies, etc.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Obfuscated cmd.exe command line
      An obfuscated cmd.exe command line is typically used to evade detection.
