General

  • Target

    DeluxaRel1.exe

  • Size

    388KB

  • Sample

    240531-mf8q9afc47

  • MD5

    b750576cd4e08f4a9804ca0cce97d127

  • SHA1

    5faa5ab2f5df72f587e45420550e656dcfb35aae

  • SHA256

    2d0afb9e7e14160e9df637475585fcbcf7494e57abd7cf3c117ac96e4580538d

  • SHA512

    41bcdc89f7817a7a345c604ece0c305347f8e90a46e690254be19b0f2d9d1749f560ce302c207c576b536f21e34f4de84a67811760ac12c55b8ea9f27c29b2a4

  • SSDEEP

    6144:UQkxoyWV9DSe6VlWT8b9TUTq4+9gp1gObGXKjgxBt25:UQtMPVle8chuTXCgxBt

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Modifies AppInit DLL entries

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application
