General
-
Target
3673f09e36c44e87ce76082c900906e8abf001a9e3459ab1cf995cdf9c1de54f
-
Size
729KB
-
Sample
240831-plndlstanl
-
MD5
d6d852955ac09f1d8aa3dd24e2250f00
-
SHA1
2e3ce6ef5facf77a5cbda0a1a5ce3148afdf9651
-
SHA256
3673f09e36c44e87ce76082c900906e8abf001a9e3459ab1cf995cdf9c1de54f
-
SHA512
336fe7c5e527b99c17a99ec8844086adc0e29dd028cc177db1b19d93eb91e89928ec77e25bfc7f8319b50f495dc13ef6ff8813d8bece39512d10992bbcb78532
-
SSDEEP
12288:Z3ZkHW0e9BF9QYOP0o5M9QjQCo6kDlG4W/xrQDQM/01Nwv9+GXaQxnDXZHcd:ZpF3Sso5tYpDl8xiOwFPXlxDJHg
Behavioral task
behavioral1
Sample
34c3f1bc4872912b7fcc4ca0c0b4825fcee90df86d9218c8c7d557f852ed3af1.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
34c3f1bc4872912b7fcc4ca0c0b4825fcee90df86d9218c8c7d557f852ed3af1.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
socelars
http://www.iyiqian.com/
http://www.hbgents.top/
http://www.rsnzhy.com/
http://www.znsjis.top/
Targets
-
-
Target
34c3f1bc4872912b7fcc4ca0c0b4825fcee90df86d9218c8c7d557f852ed3af1
-
Size
1.4MB
-
MD5
6ed21f7aa1df0769e185b6dba72084f9
-
SHA1
0cb7edceb3b79b6e723144789b4c6549daa57f05
-
SHA256
34c3f1bc4872912b7fcc4ca0c0b4825fcee90df86d9218c8c7d557f852ed3af1
-
SHA512
bbfb5f5660b185ef5cf3ff141d36f0f88c427eca9fe4996b82fbc0f340944bbb3fc2dccce45da1445e76b3f63ecdacfa73ed932d444dcb13abb256073c815737
-
SSDEEP
24576:axpXPaR2J33o3S7P5zuHHOF26ufehMHsGKzOYffEMSXkdOZ1w6:apy+VDr8rCHSXuOZu6
Score10/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1