General

  • Target

    IDMan.exe

  • Size

    5.7MB

  • Sample

    241021-qn2vfsxckm

  • MD5

    daf54987ccc97d11be5ee6b64dc67971

  • SHA1

    7a73850ddd52ec58d6872c1c65ed4527b80f22e4

  • SHA256

    b1d164a14fc8141f61f473e4a16d52d8d9bfde489ddf04c859fca4732f770a81

  • SHA512

    17d94bdc7b08ad67abdcf1a5b4cbe8eaf699bfa3e67ef158e835053c7aabd199c081ce9b0155c61e65d72fe491e15e5274a779b2c71a745532cbd2baa577eb7b

  • SSDEEP

    98304:hd2GmK+m8zSw+MU0P4b18frP3wbzWFimaI7dloT:6VK38zfqwgbzWFimaI7dlG

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules that act as plugins for Internet Explorer.

MITRE ATT&CK Enterprise v15

Tasks