General

  • Target

    improved tweaks.exe

  • Size

    65.5MB

  • Sample

    241030-1ec5vasqhl

  • MD5

    780ffa5e6f779c4202704a0b14b33037

  • SHA1

    6fff3d62e6bd900752d27047d348bb3c3235d055

  • SHA256

    809e37aee4ef5186d3165f513b92aaeca5a389acb6c54639f974d2b0145e5d65

  • SHA512

    36528933a2ce78b45db2305edc1fcbf4fa567eeafbc579aa4dea89828bfb385c6c85142161b351f8a690a466c8b65bd22d725d74a5791247a522c011a1842123

  • SSDEEP

    1572864:xQ9zMLX5WJoWbgWRSgkNOXWxtQSNLiIc3yxpydO6nKjZ+Kp:xQ8X5M3gbcKCmc3h46AN

Targets

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
