General

  • Target

    InjDc.exe

  • Size

    147KB

  • Sample

    240619-1rz55sxgmn

  • MD5

    9f303a5acc27fe3e213ecd4c88b4e995

  • SHA1

    5c007f3f0b89f24c8b839bf28438e4bf6591f990

  • SHA256

    880d2145c167ba6547a3741cb8489b9560877070b3e1cd8cddb29cc5891804c4

  • SHA512

    6916906cd14b89e4771bffe1a50a84218125c07751b7e414ecf8b6801b5d19291ed7caccdcc47b795752b1ea216eddb06004aaef65d80720d3178dcbdd0b3a64

  • SSDEEP

    1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVXEL+jR:UVqoCl/YgjxEufVU0TbTyDDalRVR

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks