Resubmissions

03/11/2024, 12:47

241103-p1m2dsvalh 8

03/11/2024, 12:20

241103-phstxstelf 7

03/11/2024, 12:02

241103-n7hvkstclh 7

03/11/2024, 11:40

241103-ns69masle1 7

17/02/2024, 14:11

240217-rheneagc42 10

General

  • Target

    PhobiaSlend.exe

  • Size

    82.5MB

  • Sample

    241103-phstxstelf

  • MD5

    ed862789226f7db6a6811813a708c404

  • SHA1

    72d8b6f88b42e58d1736064a753bf75a9e847dd4

  • SHA256

    cf65e87b595a810c62949408aed75be11d786cdd00f8605edce3df569c0ec59e

  • SHA512

    efb7b67ce7c60a3a3d9f3134228121379c08abfaa7c95080900ba0707df2b13b16c254ad56ae111f202fd6095b01d4c20ef8a048cfd488f78d457b2c53dd1c6d

  • SSDEEP

    1572864:oejOt7ysRZArrkOxhPfAl87HpoWjzKkaCz4CE2qMbb4KLaIMW5vXeWG6e3oD7:oN/RZlelR7Jf+Cz4CNrXLaIMW5vXeWGC

Malware Config

Targets

    • Target

      PhobiaSlend.exe

    • Size

      82.5MB

    • MD5

      ed862789226f7db6a6811813a708c404

    • SHA1

      72d8b6f88b42e58d1736064a753bf75a9e847dd4

    • SHA256

      cf65e87b595a810c62949408aed75be11d786cdd00f8605edce3df569c0ec59e

    • SHA512

      efb7b67ce7c60a3a3d9f3134228121379c08abfaa7c95080900ba0707df2b13b16c254ad56ae111f202fd6095b01d4c20ef8a048cfd488f78d457b2c53dd1c6d

    • SSDEEP

      1572864:oejOt7ysRZArrkOxhPfAl87HpoWjzKkaCz4CE2qMbb4KLaIMW5vXeWG6e3oD7:oN/RZlelR7Jf+Cz4CNrXLaIMW5vXeWGC

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      100KB

    • MD5

      c6a6e03f77c313b267498515488c5740

    • SHA1

      3d49fc2784b9450962ed6b82b46e9c3c957d7c15

    • SHA256

      b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

    • SHA512

      9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

    • SSDEEP

      3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      0d7ad4f45dc6f5aa87f606d0331c6901

    • SHA1

      48df0911f0484cbe2a8cdd5362140b63c41ee457

    • SHA256

      3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

    • SHA512

      c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

    • SSDEEP

      192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

    Score
    3/10
    • Target

      $PLUGINSDIR/app-64.7z

    • Size

      82.1MB

    • MD5

      d50d02ae90a6b1fbc45917bcaf6ed953

    • SHA1

      f288e68f2116a6d13690cb73e434f5d0b2c18812

    • SHA256

      bca8413bcef31ba372e4182376c54b5303cfc4c389a0a11e66d0921bc2f0fdb9

    • SHA512

      a22d4cdddf2a456f14f86a7fd633d254e131d6170280fec155620dd76741cd626f6f81bd1ccf89771283548acc0b8b4a696d624eaf8c2bfe59615848db6093de

    • SSDEEP

      1572864:aejOt7ysRZArrkOxhPfAl87HpoWjzKkaCz4CE2qMbb4KLaIMW5vXeWG6e3od:aN/RZlelR7Jf+Cz4CNrXLaIMW5vXeWGc

    Score
    1/10
    • Target

      LICENSES.chromium.html

    • Size

      8.7MB

    • MD5

      1ca87d8ee3ce9e9682547c4d9c9cb581

    • SHA1

      d25b5b82c0b225719cc4ee318f776169b7f9af7a

    • SHA256

      000ae5775ffa701d57afe7ac3831b76799e8250a2d0c328d1785cba935aab38d

    • SHA512

      ec07b958b4122f0776a6bded741df43f87ba0503b6a3b9cc9cbe6188756dcde740122314e0578175123aaa61381809b382e7e676815c20c3e671a098f0f39810

    • SSDEEP

      24576:ZQQa6Ne6P5d2WSmwRFXe1vmfpV6k626D6b62vSuSpZ:ZMfTVQ

    Score
    4/10
    • Target

      PhobiaSlend.exe

    • Size

      168.5MB

    • MD5

      082afad563dde32ea467c377656291e0

    • SHA1

      8fae66fbb010c5f6b0f68c04f0c07020f165ce4c

    • SHA256

      581637ea6bb58e7178ec93ed88c49c75b4ecff026583e98fe5bb88a80f43dc90

    • SHA512

      4e5fd2aa3619d6fdd412dbdf61749c6f663a4707fccc727fbfa79059980b5afc97807f4046cb824b1bc67a4019385a204ab22607d528183fe44cedf4fcd41c83

    • SSDEEP

      1572864:E/QdT4uZTZzdAWGC0MgTA7XbswYArMn1H8KZr5XufKYQC63o9wjgt8HvNSDoIKBW:BCT8Qwz+5IXFxj5opW

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • Target

      chrome_100_percent.pak

    • Size

      163KB

    • MD5

      4fc6564b727baa5fecf6bf3f6116cc64

    • SHA1

      6ced7b16dc1abe862820dfe25f4fe7ead1d3f518

    • SHA256

      b7805392bfce11118165e3a4e747ac0ca515e4e0ceadab356d685575f6aa45fb

    • SHA512

      fa7eab7c9b67208bd076b2cbda575b5cc16a81f59cc9bba9512a0e85af97e2f3adebc543d0d847d348d513b9c7e8bef375ab2fef662387d87c82b296d76dffa2

    • SSDEEP

      3072:IOzwJCGIekwdLpsXYFAXg6IL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:IOzw1Iekam5QpK18Gb0OV8ld0GecQ3Ey

    Score
    3/10
    • Target

      chrome_200_percent.pak

    • Size

      222KB

    • MD5

      47668ac5038e68a565e0a9243df3c9e5

    • SHA1

      38408f73501162d96757a72c63e41e78541c8e8e

    • SHA256

      fac820a98b746a04ce14ec40c7268d6a58819133972b538f9720a5363c862e32

    • SHA512

      5412041c923057ff320aba09674b309b7fd71ede7e467f47df54f92b7c124e3040914d6b8083272ef9f985eef1626eaf4606b17a3cae97cfe507fb74bc6f0f89

    • SSDEEP

      6144:QsDQYaSN6svydHLhQegx5GMRejnbdZnVE6YoppO4:QBfSN6svydrx6edhVELoXO4

    Score
    3/10
    • Target

      d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      2191e768cc2e19009dad20dc999135a3

    • SHA1

      f49a46ba0e954e657aaed1c9019a53d194272b6a

    • SHA256

      7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

    • SHA512

      5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

    • SSDEEP

      49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l

    Score
    1/10
    • Target

      dxcompiler.dll

    • Size

      20.8MB

    • MD5

      a50d2db103fd2c4c8682958932fc2f67

    • SHA1

      d07eda94b238463e194a8adec1b47eb5629a3ba1

    • SHA256

      51952faea76a3c913a021899d891b6cc1c6f924a980da6b664e4b662de9d353d

    • SHA512

      aea572e1319223f26e8866679511236baefda83369fb84f4bc21706a79a8212013ac64d88c462630112badaebb96c01fd7deadc8e24f7d3e0964d61ab9b1a3f2

    • SSDEEP

      393216:cf3bamh3Jcv7eJs8V+myzJ8TBDP2nJkwyuOQwtG:cRnQedP2n2wfOQ3

    Score
    1/10
    • Target

      dxil.dll

    • Size

      1.4MB

    • MD5

      cb72bef6ce55aa7c9e3a09bd105dca33

    • SHA1

      d48336e1c8215ccf71a758f2ff7e5913342ea229

    • SHA256

      47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

    • SHA512

      c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

    • SSDEEP

      24576:LCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkr1:LCfhbh3v3mtEAQrW41obCraeRhy9ou6r

    Score
    1/10
    • Target

      ffmpeg.dll

    • Size

      2.7MB

    • MD5

      0b868eec3d789e9e04d7d9363f06d4e6

    • SHA1

      9f81ead206ab7a54328c8605ebbdc23c83a829bc

    • SHA256

      e85618dfe2a1b2c20174f8e628e9d542065ba73ef257ad6a2bceaabacb9e3dc8

    • SHA512

      8f369e68ce426fd3d54891d81ec5f228521ec065402eeeeb6cf9140007f229054fc8695a64fa8015ec91326ca324a60839d2f193f581484a56c49b4655951161

    • SSDEEP

      49152:zWjNiPDWFc04YLAfTJB05fOr5wRCpe7n6mflFR35wpE129AdL:od49T30owRCp4GH9u

    Score
    1/10
    • Target

      libEGL.dll

    • Size

      467KB

    • MD5

      f6ed3ccd44422ce187ce0e4ee31d122c

    • SHA1

      89a78cce571e3717ae24da10103b6f71d519eab6

    • SHA256

      337b7e187c7ea739032380d3a9d1f50e29761562ca9475836b36a42e3dbc9fa5

    • SHA512

      36c81afec0586dee43f3c036a58505930e4cba75fb681caf11ea004b7d8e538c3eed5826231d30bda7da02bddb12b535d83a5c16cabf669c190cc9663d3469be

    • SSDEEP

      6144:9bEUgZr3Xz4gqch5rd7fa5TyfAv5qLD21VHURpQ4kw:ZEzr3D4gFh5rd7fWvY4x9

    Score
    1/10
    • Target

      libGLESv2.dll

    • Size

      7.4MB

    • MD5

      c7fbdebe0a4287bd6b59721121705e1e

    • SHA1

      5f51d88b046de12e0128641768f99d05438f8e4e

    • SHA256

      2ffccd773bac3e3c5cc9e3a43f89deba8456f2bcaba85496af7013445b413f2d

    • SHA512

      93f51e84597c28c492c8cf2a3cf2108ca6a52c9b5fdd79d1c95bf7de6a301a21aa47342c4273044cf6709d632f0ec7fec2aac774c4128a920642bcdfb5129792

    • SSDEEP

      98304:Sr5RVJYXaTa6un3sIy+4qDBlyze6wF4NTP8lUV2UXm3fvq:Sr335u35tlyC6JTPNCfv

    Score
    1/10
    • Target

      resources.pak

    • Size

      5.1MB

    • MD5

      b858b431b144c6ffa77126be16ee84c2

    • SHA1

      dc577b6019bcd6c175fc05498c02e733d4941b84

    • SHA256

      6aaf8bf545eb7cf4e54268d1abb1f4c001e823f4f561b33d5f5353d6a815ae75

    • SHA512

      15497a26c13964577378a182bc4eb331e72a1bd7d8253c8c6cc14e4e1e97760352537cf6f9893caa8f5e80c0455780cd6c3b509e5e311839b0b0e9966d44a41e

    • SSDEEP

      98304:dc1j22juJgWPVcz+cd31kJ7JqzboHgf3nvJjjrwrWBpcdmTHWCF3UlfPcauPFcH/:OpLCJPdB831gJ8oHwhjjkrWBQmTHWo0l

    Score
    3/10
    • Target

      resources/app.asar

    • Size

      62.4MB

    • MD5

      cc041f8b369a8997eed7835f7199a257

    • SHA1

      b857625cc9c2369264c1542b654167587ca97ed5

    • SHA256

      031cc8e6dd842ad96ad5f0f842bc6ae8eb8a61a3ce3f89df6994dd00b18e10af

    • SHA512

      9a3273ff5d54a51209e293ca3951600e0d2a5b7585ffeb625828691c2f6f0752b016b367ec21d69b2648b6c7778b93a36b66ad6207e01b06b8344107292606df

    • SSDEEP

      393216:lExRAtptbitALtJKeMeneAELgImMW1S3L:lExRwtbitALtJKeMeneAELgIm1IL

    Score
    3/10
    • Target

      resources/elevate.exe

    • Size

      105KB

    • MD5

      792b92c8ad13c46f27c7ced0810694df

    • SHA1

      d8d449b92de20a57df722df46435ba4553ecc802

    • SHA256

      9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

    • SHA512

      6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

    • SSDEEP

      3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l

    Score
    3/10
    • Target

      snapshot_blob.bin

    • Size

      270KB

    • MD5

      1ceb547bbb14f663b82d03a9a66e7b07

    • SHA1

      d84594495a6295d2a1aef2d4a6601e4d1d47cc94

    • SHA256

      203764e3440af3e7842ea9bd42570d3150ebf4bb4a275be5e41721e8d55c436b

    • SHA512

      a5cd7a1912a36dd416d1f10f549d367cb3a2d272d1692851b9ebb315bed1b6567e2ea73edf7bbdb8f05790471052314f3917efc56236292c6b69ca4eac5b6431

    • SSDEEP

      3072:OPXttcgbBDoChde06wbRMYKHUeynXtxZ4fQe1:CXPh9oCWCNMXo6

    Score
    3/10
    • Target

      v8_context_snapshot.bin

    • Size

      627KB

    • MD5

      455bbb5f7452bec5d159b106fd2d527f

    • SHA1

      914b9b7317d24c54e97643d31dead958bfd48b21

    • SHA256

      ced4233679168543704dd146cb674ec4779c40e6bdbf687fff15c93bc58f8cca

    • SHA512

      6267d2623367d497d1dcea660c5e5ebaba5abaeabd75ab42e2a07d40b752c25f9b89d997c5d13f260b48e677212f860f5c387f10600163c094610e1501d716d4

    • SSDEEP

      6144:nlAKlrnVVc/eK7cPg9oCWCNM+MFjfjfGJCWXecRvUsoA4EytPcAzCYY:nZ0t7cP+Yz7Vcrz

    Score
    3/10
    • Target

      vk_swiftshader.dll

    • Size

      5.0MB

    • MD5

      25d58f71a5aa347e5afae32a887fdc31

    • SHA1

      990334cfbd88fa2957f545e0ba595594c4f6a2fc

    • SHA256

      9068181e7a22521e9d908aeaed2d3a0171437fe4581de65982e2a47bc0dc1408

    • SHA512

      322474ad405fc552700eb3a8eaf04bec43e6a45941e9db13f237729c9bdc7f1b7c1cb7c090a66ebd72f8c31f6f5d05dc04d2f99a6ef9488aa734761a8a59f8aa

    • SSDEEP

      49152:X3GH9WAPbaXjQ0S4g3DcRiyibDAiK9vNRZt3H3UyLdiHoFy12gv7DpuemXIEkVEJ:XWH9J1ED3PW7v+Im3Ka326n

    Score
    1/10
    • Target

      vk_swiftshader_icd.json

    • Size

      106B

    • MD5

      8642dd3a87e2de6e991fae08458e302b

    • SHA1

      9c06735c31cec00600fd763a92f8112d085bd12a

    • SHA256

      32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

    • SHA512

      f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

    Score
    3/10
    • Target

      vulkan-1.dll

    • Size

      925KB

    • MD5

      4a488bc7ba8f634bb413f31c28cf5941

    • SHA1

      69f6070b43a8c107ede019bf48671372e751c85d

    • SHA256

      6008f82da0997edb4f0ed2fa5818e3c993aac82d58b12174d5b204ca00e3fba3

    • SHA512

      2861e9270d312c4a0299661c1ee2572a101eb6a4c98dffa353d7d80ac3ffe439306e4b48e7914603171a832f27ec1c12154d2f3eb0f9ff30bb1eeef705eceeaa

    • SSDEEP

      24576:dDQICvMWnjSFmUSQN7G/od56Z5WdDYsH26g3P0zAk7oD:dDNwSpdN7N56Z5WdDYsH26g3P0zAk7o

    Score
    1/10
    • Target

      $PLUGINSDIR/nsis7z.dll

    • Size

      424KB

    • MD5

      80e44ce4895304c6a3a831310fbf8cd0

    • SHA1

      36bd49ae21c460be5753a904b4501f1abca53508

    • SHA256

      b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

    • SHA512

      c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

    • SSDEEP

      6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks