General

  • Target

    InjDc.exe

  • Size

    12KB

  • Sample

    240619-1zejeaterc

  • MD5

    343a2542d55d7f97304fc5ceb3e1f27e

  • SHA1

    0eb1550711b86852010a8c98617f4375989527e2

  • SHA256

    51525a3b6ade93704c52a3d23f6a6b7d5f54df221c6ac69269c4161b6b0bb192

  • SHA512

    2e7672d2b31e393b3981d3d2350ec5bb40076dc98def62c38c4da7719374c46e7efe817fc942f4b6f937f7250eaf111fcd93ebe20c4bafcea2b1ee17466269a3

  • SSDEEP

    192:fRmX87l139Tq6WVplwuePuxuNtvMurMxTjb03Q5tfMcB:548p139TqXhPxubvMz503M

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
