Resubmissions

19-06-2024 21:43

240619-1kwjdashmf 10

19-06-2024 21:40

240619-1jjs7asgqg 10

General

  • Target

    InjDc.exe

  • Size

    147KB

  • Sample

    240619-1kwjdashmf

  • MD5

    477bc4d2024b599eba4cf3bd45a65fea

  • SHA1

    dd39afed855a65fa2be1bfb7a4b8a87d0788feff

  • SHA256

    13c714d29b196d5e7db905aa99a2b2b3f86be4bb7ea9a5433225b562c700274e

  • SHA512

    630146c48b0e8e805fb0b271e7fa643bcdb3dbdbddbca46a0b8c06000d054c25eab938e542ac6fee12710cb8fed3aca4bcd85798219a7fe0203a2fd294e62ede

  • SSDEEP

    1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVX8L+jA:UVqoCl/YgjxEufVU0TbTyDDalRtA

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks