General

  • Target

    IDMan.exe

  • Size

    5.7MB

  • Sample

    240501-jt754aba7t

  • MD5

    9cd89e9eedea807cf5bea1b5439192c4

  • SHA1

    45009b9b5bff242795da81acea4fef783c4d01f5

  • SHA256

    a8d95f35089dd32803a83a7179c3597a38e9e927bea848715412b942a926cec0

  • SHA512

    382b0c20c81df18c942a502d08427b44fe19bbd92bf7417c7451fc8638d92a25d8d82f503418a1352a49ed241453c124d3a0118c88cb7f8a1e76bf3591f68f19

  • SSDEEP

    98304:nPLRKRchsKSZ9OdhP4418frP3wbzWFimaI7dlo:nt0KSZ9awgbzWFimaI7dl

Malware Config

Targets

    • Target

      IDMan.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Enterprise v15

Tasks