Resubmissions

21/10/2024, 15:57

241021-tdwggazhlr 3

21/10/2024, 15:49

241021-s9p4wszgrk 8

General

  • Target

    VencordInstallerCli.exe

  • Size

    6.3MB

  • Sample

    241021-s9p4wszgrk

  • MD5

    57c6f59b4139374c5be091d7c8c8e453

  • SHA1

    bfb1f6ffa23c1c4493b64da704622f0341171097

  • SHA256

    466d2a0be1f380ddffed052df3cc132125fa34dc1af29312e14f13f358c8d2a2

  • SHA512

    2544c9c17d0e2fd41f9802881e0d08bba5d299f5b48201316e00bd7b0446a1dc125ac8b6203e3cf663f25309df6fea4a58abb8dee96f6cb341d3a056ce6bdfe5

  • SSDEEP

    49152:Ng8SpDPb2hZliMv7jrfvE7VJxHylRZJDA7iscU8ijRJHd3lq1mXN5WQye8m067OY:K8c7S1ikjr+Hw/JK3PV4lSn

Malware Config

Targets

    • Target

      VencordInstallerCli.exe

    • Size

      6.3MB

    • MD5

      57c6f59b4139374c5be091d7c8c8e453

    • SHA1

      bfb1f6ffa23c1c4493b64da704622f0341171097

    • SHA256

      466d2a0be1f380ddffed052df3cc132125fa34dc1af29312e14f13f358c8d2a2

    • SHA512

      2544c9c17d0e2fd41f9802881e0d08bba5d299f5b48201316e00bd7b0446a1dc125ac8b6203e3cf663f25309df6fea4a58abb8dee96f6cb341d3a056ce6bdfe5

    • SSDEEP

      49152:Ng8SpDPb2hZliMv7jrfvE7VJxHylRZJDA7iscU8ijRJHd3lq1mXN5WQye8m067OY:K8c7S1ikjr+Hw/JK3PV4lSn

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks