General

  • Target

    TouchEn_nxKey_32bit.exe

  • Size

    13.0MB

  • Sample

    240616-jr8c3szblr

  • MD5

    f66c6cf35d41ce3eb4c941d7b107d3b5

  • SHA1

    48e9f41dbd827c0d35ba94d39a1f362ef178d971

  • SHA256

    a5a5cf58d399b5f31d34286d078ec6cc3a2bf34bef2bed8d1fbaa2d3b8058339

  • SHA512

    cc7546e1fe3c271a9d82a0600347e86c4356f4f4071db4680ef72c4b9d5c62ba20746bcfcfe615fc2351591edbe5da551c382817d0ac19541e218edaa6462ac9

  • SSDEEP

    393216:LT3FXWNXhfllcOy8/4jdpsR37OyYA7ZqJ2:X1GNXh9YPdm97ptm2

Malware Config

Targets

    • Target

      TouchEn_nxKey_32bit.exe

    • Size

      13.0MB

    • MD5

      f66c6cf35d41ce3eb4c941d7b107d3b5

    • SHA1

      48e9f41dbd827c0d35ba94d39a1f362ef178d971

    • SHA256

      a5a5cf58d399b5f31d34286d078ec6cc3a2bf34bef2bed8d1fbaa2d3b8058339

    • SHA512

      cc7546e1fe3c271a9d82a0600347e86c4356f4f4071db4680ef72c4b9d5c62ba20746bcfcfe615fc2351591edbe5da551c382817d0ac19541e218edaa6462ac9

    • SSDEEP

      393216:LT3FXWNXhfllcOy8/4jdpsR37OyYA7ZqJ2:X1GNXh9YPdm97ptm2

    • Creates new service(s)

    • Sets service image path in registry

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks