General
-
Target
Browser.exe
-
Size
2.8MB
-
Sample
240823-j5nwlatbmb
-
MD5
d56982698571e62105ef3ff241810641
-
SHA1
0c6266909d94f6766910aa4811866e17aeac2a4c
-
SHA256
11c79f7dfbbcace2d9257a5f764e39b7628ea1c5846091034ea04de1d3c7b8e5
-
SHA512
2b5070169f96a11eaace035cf14eafb6583a42a16f0f6cd134e3c6bd748438df679c8a5e66241fa3b8f8465ad232d700d801ae4eed5fa6669900e58502f83bd1
-
SSDEEP
49152:d9eqEv3I8W6i4FhhVLU4I5ZJu2vY5go7e/7QIMUfPIkz90UhErM9+57r3qJUzTI:HSYSVLI5LDv8V7e/7QIM0px87z
Malware Config
Targets
-
-
Target
Browser.exe
-
Size
2.8MB
-
MD5
d56982698571e62105ef3ff241810641
-
SHA1
0c6266909d94f6766910aa4811866e17aeac2a4c
-
SHA256
11c79f7dfbbcace2d9257a5f764e39b7628ea1c5846091034ea04de1d3c7b8e5
-
SHA512
2b5070169f96a11eaace035cf14eafb6583a42a16f0f6cd134e3c6bd748438df679c8a5e66241fa3b8f8465ad232d700d801ae4eed5fa6669900e58502f83bd1
-
SSDEEP
49152:d9eqEv3I8W6i4FhhVLU4I5ZJu2vY5go7e/7QIMUfPIkz90UhErM9+57r3qJUzTI:HSYSVLI5LDv8V7e/7QIM0px87z
Score8/10-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1