Resubmissions

23-08-2024 08:15

240823-j5nwlatbmb 8

23-08-2024 08:10

240823-j268rswalq 8

23-08-2024 08:03

240823-jxqp8asgra 8

General

  • Target

    Browser.exe

  • Size

    2.8MB

  • Sample

    240823-jxqp8asgra

  • MD5

    d56982698571e62105ef3ff241810641

  • SHA1

    0c6266909d94f6766910aa4811866e17aeac2a4c

  • SHA256

    11c79f7dfbbcace2d9257a5f764e39b7628ea1c5846091034ea04de1d3c7b8e5

  • SHA512

    2b5070169f96a11eaace035cf14eafb6583a42a16f0f6cd134e3c6bd748438df679c8a5e66241fa3b8f8465ad232d700d801ae4eed5fa6669900e58502f83bd1

  • SSDEEP

    49152:d9eqEv3I8W6i4FhhVLU4I5ZJu2vY5go7e/7QIMUfPIkz90UhErM9+57r3qJUzTI:HSYSVLI5LDv8V7e/7QIM0px87z

Malware Config

Targets

    • Target

      Browser.exe

    • Size

      2.8MB

    • MD5

      d56982698571e62105ef3ff241810641

    • SHA1

      0c6266909d94f6766910aa4811866e17aeac2a4c

    • SHA256

      11c79f7dfbbcace2d9257a5f764e39b7628ea1c5846091034ea04de1d3c7b8e5

    • SHA512

      2b5070169f96a11eaace035cf14eafb6583a42a16f0f6cd134e3c6bd748438df679c8a5e66241fa3b8f8465ad232d700d801ae4eed5fa6669900e58502f83bd1

    • SSDEEP

      49152:d9eqEv3I8W6i4FhhVLU4I5ZJu2vY5go7e/7QIMUfPIkz90UhErM9+57r3qJUzTI:HSYSVLI5LDv8V7e/7QIM0px87z

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks