General

  • Target

    IDMan.exe

  • Size

    2.2MB

  • Sample

    240501-mbqd4seg39

  • MD5

    51795f08923dbf3be852e54fd99f1a58

  • SHA1

    d9280c50de44b70750057eb35f8f2ec104aacbde

  • SHA256

    e5f6fba9e0737c56f936da66c1e66841ae893f784672ba1e39aca23a054e8c29

  • SHA512

    b918ce1aff10ad51893c43c75da28027536cc64e01a7bf1611c010d95b584f2b35cfb7b300e4ab0f06b1224b1e188f0c0484c63f3d3a6d8a67399ab2b92e9083

  • SSDEEP

    49152:jANPI37U04kibKRwM3eRQs67rFEVQjXtkVAL+3sCTZhYpzSTNfM9oZbQT:sa3QbKRv5WsdkVH3s022TNf2GQT

Malware Config

Targets

    • Target

      Device/HarddiskVolume5/Program Files (x86)/Internet Download Manager/IDMan.exe

    • Size

      5.4MB

    • MD5

      0bc6cba0a41dd13920a298f78d93be39

    • SHA1

      2e798f78de6f12a66773291f529860b5f746b300

    • SHA256

      83ec3be9c18bf96760981156ab2b09976f914a57fb0dddc431d96aada0a3572e

    • SHA512

      eb4dbe438329cca62c634f6b6592a6e93bcfc420c49c12e7725e100cd18c60871b843b8091e2d5e0f00f18c00c09ba71a7f681288bdda2e834f0f6a04484dd17

    • SSDEEP

      98304:GKxRnF8n6G+T5qP4RhR8qLf3gbz2FSmaI7dl0aH:PNyn6GsTBQbz2FSmaI7dlXH

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

MITRE ATT&CK Enterprise v15

Tasks