General
Target: Gtag account Gen (maybe works).exe
Size: 58.0MB
Sample: 241007-swkx1szbpk
MD5: da151f3b7f812e244ea8531fc1a9b797
SHA1: f1d6afbf71d1dbe9877340ee0c4dfeb450bf0d37
SHA256: 2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988
SHA512: 9a52cf415824fccab919ea44c92bbbe4656f0a2a623ec5e7cf3ffdcdd15deca69b47308e755e260b3e439b4378202942219f0da4b30ae4f0b3389b0ba880481c
SSDEEP: 1572864:BiFhyZZIl0B/Cip8weeQIB5eSKY47f++yBd7XM5nZ7vA:UhyZm4/Cip8cHXb4LTShc5nl
Behavioral task behavioral1
Sample: Gtag account Gen (maybe works).exe
Resource: win7-20240903-en
Behavioral task behavioral2
Sample: Gtag account Gen (maybe works).exe
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: Gtag account Gen (maybe works).exe
Size: 58.0MB
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15 (the number in parentheses is the count the report attaches to each technique)
Persistence
  Boot or Logon Autostart Execution, T1547 (1)
    Registry Run Keys / Startup Folder, T1547.001 (1)
  Event Triggered Execution, T1546 (1)
    Netsh Helper DLL, T1546.007 (1)
Privilege Escalation
  Boot or Logon Autostart Execution, T1547 (1)
    Registry Run Keys / Startup Folder, T1547.001 (1)
  Event Triggered Execution, T1546 (1)
    Netsh Helper DLL, T1546.007 (1)
Credential Access
  Credentials from Password Stores, T1555 (1)
    Credentials from Web Browsers, T1555.003 (1)
  Unsecured Credentials, T1552 (1)
    Credentials In Files, T1552.001 (1)
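Host triage script for the signatures listed above and the ATT&CK techniques in this table, added here as a worked example; it is not part of the sandbox report and is not code from the sample. It searches user-writable paths for a file matching the report's SHA256, lists every Run/RunOnce value (T1547.001), lists the netsh helper DLL registrations that netsh.exe loads on every invocation (T1546.007) and flags any that resolve outside System32, and checks the DNS client cache for common IP-lookup services. The searched paths and the IP-lookup domain list are assumptions: the report does not say where the file was dropped or which lookup service was contacted.

```powershell
# Added triage script (not part of the sandbox report, not the sample's code).
# Assumptions: the paths searched for the sample and the list of IP-lookup
# domains are assumptions; the SHA256 is copied from the report.

$ReportSha256 = '2bcdb11106378b488e97717de40cc05d2eef4c2b3df6adecf8daa8771ad64988'

# 1. Hash match: any file under the given paths with the report's SHA256.
function Find-SampleByHash {
    param([string[]]$Paths = @("$env:USERPROFILE\Downloads", "$env:TEMP"))
    Get-ChildItem -Path $Paths -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            if ($h -and $h.Hash -ieq $ReportSha256) { $_.FullName }
        }
}

# 2. T1547.001: every value under the Run / RunOnce keys for the current user and the machine.
function Get-RunKeyEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $item = Get-Item $k
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $k; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

# 3. T1546.007: netsh.exe loads every DLL registered under HKLM\SOFTWARE\Microsoft\NetSh
#    each time it runs. A helper that does not resolve to System32 is worth a closer look.
function Get-NetshHelperDlls {
    $k = 'HKLM:\SOFTWARE\Microsoft\NetSh'
    if (-not (Test-Path $k)) { return }
    $item = Get-Item $k
    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($name in $item.GetValueNames()) {
        $dll = [string]$item.GetValue($name)
        # Bare file names are resolved from System32; anything else is taken as written.
        $resolved = if ([IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $system32 $dll }
        [pscustomobject]@{
            Name       = $name
            Dll        = $dll
            Exists     = Test-Path $resolved
            InSystem32 = $resolved -like "$system32\*"
        }
    }
}

# 4. External IP lookup: DNS client cache entries for well-known lookup services.
#    The domain list is an assumption; the report only says "a legitimate IP lookup service".
function Get-IpLookupDnsHits {
    $lookupDomains = 'api.ipify.org', 'ipify.org', 'ip-api.com', 'icanhazip.com',
                     'ifconfig.me', 'ipinfo.io', 'checkip.amazonaws.com'
    $pattern = '(' + (($lookupDomains | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')$'
    Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -match $pattern } |
        Select-Object Entry, Data, TimeToLive
}

'== Files matching the report SHA256 =='; Find-SampleByHash
'== Run / RunOnce values ==';            Get-RunKeyEntries   | Format-Table -AutoSize
'== Netsh helper DLLs ==';               Get-NetshHelperDlls | Format-Table -AutoSize
'== IP-lookup services in DNS cache =='; Get-IpLookupDnsHits | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the HKLM keys and other users' profiles are readable; the DNS cache check only sees lookups since the last cache flush or reboot, so an empty result there does not clear the host.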