General

  • Target

    url[1]

  • Size

    1KB

  • Sample

    241108-qrjs2stbnq

  • MD5

    b18027532341ae16dea3ec90dd36a4e1

  • SHA1

    5f90141787b0d1bf268f985850f2daedd37170c7

  • SHA256

    3ae5aa8e2e3edf132da47617dc7cb5111b461508175775115f32caa7ac4d3895

  • SHA512

    5e9fb0057f1396bfed1759b51c868122071f18f076d9cd159ef6108498144497ddf0c209af0ebba77b0137389b8c68a51469fdbc2badbf7b27d062ed96ea16a5

Malware Config

Targets

    • Target

      url[1]

    • Size

      1KB

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload only runs in (or avoids) particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Detected potential entity reuse from brand STEAM.
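
The three registry-based signatures above (locale lookup for a geofence, Uninstall-key enumeration, Run-key persistence) can be reproduced as simple detection logic over a behavioural trace. The following is an added example and is not code from the sandbox or from the sample; it classifies constructed registry-activity records (the `RegEvent` records, field names and the `SAMPLE_EVENTS` trace are all made up for illustration) against the report's signature names. The mapping of each signature to an ATT&CK technique id is my own and is not stated on the page.

```python
"""Classify registry activity against the behaviours flagged in the report.

Added example, not sandbox or sample code. Events are constructed here
in a hypothetical format (op / key path / value name); a real trace would
come from the sandbox's behavioural log or an ETW registry provider.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    op: str          # "read", "enum" or "write" (hypothetical field)
    path: str        # registry key, HKLM\... or HKCU\... (hypothetical field)
    value: str = ""  # value name touched, empty for key-level operations


# Keys a sample reads to learn the configured country / locale (geofencing).
LOCALE_KEYS = (
    r"HKCU\Control Panel\International",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Locale",
)
LOCALE_VALUES = {"locale", "localename", "scountry", "icountry",
                 "default", "installlanguage"}

# Uninstall key (native and WOW6432Node) and the values that identify software.
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
UNINSTALL_VALUES = {"displayname", "displayversion", "publisher",
                    "installlocation", "uninstallstring"}

# Run / RunOnce keys under HKLM or HKCU; only a write is persistence.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)

SIG_LOCATION = "Checks computer location settings"
SIG_SOFTWARE = "Checks installed software on the system"
SIG_RUNKEY = "Adds Run key to start application"

# My own mapping (assumption), not the report's: signature -> ATT&CK technique.
TECHNIQUES = {
    SIG_LOCATION: "T1614",      # System Location Discovery
    SIG_SOFTWARE: "T1518",      # Software Discovery
    SIG_RUNKEY: "T1547.001",    # Boot or Logon Autostart: Registry Run Keys
}


def classify(ev: RegEvent) -> list[str]:
    """Return the report signature names that a single registry event triggers."""
    hits: list[str] = []
    path = ev.path.rstrip("\\")
    low = path.lower()
    val = ev.value.lower()

    # Geofence: reading the locale/country values or enumerating the locale key.
    if ev.op in ("read", "enum") and low.startswith(tuple(k.lower() for k in LOCALE_KEYS)):
        if ev.op == "enum" or val in LOCALE_VALUES:
            hits.append(SIG_LOCATION)

    # Software discovery: enumerating Uninstall or reading identifying values below it.
    if ev.op in ("read", "enum") and UNINSTALL_RE.search(path):
        if ev.op == "enum" or val in UNINSTALL_VALUES:
            hits.append(SIG_SOFTWARE)

    # Persistence: a write (not a read) to a Run/RunOnce key.
    if ev.op == "write" and RUN_KEY_RE.search(path):
        hits.append(SIG_RUNKEY)
    return hits


def summarize(events: list[RegEvent]) -> dict[str, list[str]]:
    """Group triggering events under each signature, as a report would list them."""
    report: dict[str, list[str]] = {}
    for ev in events:
        for sig in classify(ev):
            where = ev.path + ("\\" + ev.value if ev.value else "")
            report.setdefault(sig, []).append(where)
    return report


def attack_techniques(report: dict[str, list[str]]) -> list[str]:
    """Sorted ATT&CK ids for the signatures present, using the mapping above."""
    return sorted({TECHNIQUES[sig] for sig in report if sig in TECHNIQUES})


# Constructed trace: the three flagged behaviours plus two benign events.
SAMPLE_EVENTS = [
    RegEvent("read", r"HKCU\Control Panel\International", "LocaleName"),
    RegEvent("read", r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language", "InstallLanguage"),
    RegEvent("enum", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    RegEvent("read", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ABC}", "DisplayName"),
    RegEvent("write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater"),
    RegEvent("read", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "ShellState"),
    RegEvent("read", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater"),
]

if __name__ == "__main__":
    findings = summarize(SAMPLE_EVENTS)
    for sig, paths in findings.items():
        print(f"{sig} ({TECHNIQUES[sig]}):")
        for p in paths:
            print("   ", p)
```

Note that a read of the Run key (last constructed event) is deliberately not flagged: many legitimate programs read it, and the report's signature is about adding an entry. Likewise a single locale read is a weak signal on its own; in the report it is the combination with "Downloads MZ/PE file" and "Executes dropped EXE" that makes the geofence interpretation plausible.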

MITRE ATT&CK Enterprise v15

Tasks