Resubmissions

08/11/2024, 21:14

241108-z3m5aasnar 7

29/10/2024, 19:29

241029-x7p4bszmcn 7

General

  • Target

    System1.0.3.exe

  • Size

    66.3MB

  • Sample

    241108-z3m5aasnar

  • MD5

    457317e2c0c7b3c8e8879b679636ee22

  • SHA1

    5ab1872ec8b6d3d3e638bf1e8fcd22ac5d097188

  • SHA256

    0c973f584f9060a1f9b23516831d4eba0f8404ea8d6c697ba3917d06d01a46cc

  • SHA512

    649eb2d0f6c3d97e996b54c056804b109b04056b2e9d086b88daa137a2269ffd484a1e8ef05c5a4359494416eb2d4f08036c521824a501ae30dc19a15f0cf8d9

  • SSDEEP

    1572864:hrziNx5qATp+Tx8/zBd5XAsShFgsKtdAWqw19USTE7:Mx5q4p+MNAsS9KtTqe9UUE7
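Before doing anything with a sample, confirm that the file on disk is the one the report describes. The script below is an added example, not part of the sandbox report: it hashes a file in a single chunked pass (the sample is 66.3MB, so it is never read into memory whole) and compares each digest with the values listed above. SSDEEP is omitted because it needs the third-party `ssdeep` module; the default path `System1.0.3.exe` is an assumption for the command-line usage.

```python
import hashlib
import io
import sys

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report above for System1.0.3.exe.
REPORTED = {
    "md5": "457317e2c0c7b3c8e8879b679636ee22",
    "sha1": "5ab1872ec8b6d3d3e638bf1e8fcd22ac5d097188",
    "sha256": "0c973f584f9060a1f9b23516831d4eba0f8404ea8d6c697ba3917d06d01a46cc",
    "sha512": "649eb2d0f6c3d97e996b54c056804b109b04056b2e9d086b88daa137a2269ffd"
              "484a1e8ef05c5a4359494416eb2d4f08036c521824a501ae30dc19a15f0cf8d9",
}


def hash_stream(fobj, chunk_size=1 << 20):
    """Feed a file-like object through all four hashers in one pass."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in iter(lambda: fobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, chunk_size=1 << 20):
    """Same as hash_stream but over an in-memory byte string (used for tests)."""
    return hash_stream(io.BytesIO(data), chunk_size)


def hash_file(path, chunk_size=1 << 20):
    with open(path, "rb") as f:
        return hash_stream(f, chunk_size)


def verify(observed, expected=REPORTED):
    """Return {algorithm: matched?} for every digest the report lists."""
    return {
        name: observed.get(name, "").lower() == digest.lower()
        for name, digest in expected.items()
    }


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py System1.0.3.exe
    path = sys.argv[1] if len(sys.argv) > 1 else "System1.0.3.exe"
    observed = hash_file(path)
    result = verify(observed)
    for name, ok in result.items():
        print(f"{name:7} {observed[name]}  {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

A mismatch on any digest means you are not looking at the analysed sample (a repacked build, a truncated download, or a different file with the same name), so the behaviours listed below cannot be assumed to apply.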

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • Legitimate hosting services abused for malware hosting/C2

    • Uses an obfuscated cmd.exe command line

      Obfuscated cmd.exe command lines are typically used to evade command-line based detection.

    • Enumerates processes with tasklist
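Several of the signatures above (dropped executable launched from a startup location, obfuscated cmd.exe command line, process enumeration with tasklist) can be checked for in process-creation telemetry. The following is an added example, not code from the sandbox or the sample's authors: it runs a few heuristics over constructed process-creation events whose field names are loosely modelled on Sysmon event ID 1. The obfuscation indicators (caret escaping, `%VAR:~start,len%` substring expansion, quote-split tokens) are common cmd.exe tricks and are my choice, not an assertion of which technique this sample used; the paths and command lines in SAMPLE_EVENTS are invented.

```python
import ntpath
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    # Constructed event shape (assumed, loosely after Sysmon event ID 1).
    parent_image: str
    image: str
    command_line: str


# Locations a normal user can write to; a parent or child living here is a
# useful signal when combined with the other behaviours.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
STARTUP_DIR = "\\start menu\\programs\\startup\\"

OBFUSCATION_PATTERNS = {
    # %COMSPEC:~-7,3% style substring expansion used to assemble tokens
    "env_substring": re.compile(r"%[A-Za-z_][A-Za-z0-9_]*:~\s*-?\d+(?:\s*,\s*-?\d+)?%"),
    # "p"o"w"e"r"s"h"e"l"l" style quote splitting inside a token
    "split_quotes": re.compile(r'"[A-Za-z]"(?:[A-Za-z]*"[A-Za-z]")+'),
}


def basename(path):
    return ntpath.basename(path).lower()


def is_user_writable(path):
    p = path.lower()
    return any(d in p for d in USER_WRITABLE_DIRS)


def is_startup_path(path):
    return STARTUP_DIR in path.lower()


def cmd_obfuscation_indicators(command_line):
    """Names of the obfuscation tricks found in a cmd.exe command line."""
    hits = []
    if command_line.count("^") >= 3:  # c^m^d, t^a^s^k^l^i^s^t
        hits.append("caret_escapes")
    hits.extend(name for name, pat in OBFUSCATION_PATTERNS.items()
                if pat.search(command_line))
    return hits


def analyze(event):
    """Return a list of human-readable findings for one process-creation event."""
    findings = []
    image = basename(event.image)
    if image == "cmd.exe":
        hits = cmd_obfuscation_indicators(event.command_line)
        if hits:
            findings.append("obfuscated cmd.exe command line: " + ", ".join(hits))
    if image == "tasklist.exe" and is_user_writable(event.parent_image):
        findings.append("process enumeration via tasklist spawned from user-writable path")
    if is_startup_path(event.image):
        findings.append("executable launched from Startup folder")
    if is_user_writable(event.image) and is_user_writable(event.parent_image):
        findings.append("dropped executable run from user-writable path")
    return findings


def triage(events):
    return [(e.image, analyze(e)) for e in events]


# Constructed events; the sample path and child names are invented.
SAMPLE = r"C:\Users\alice\Downloads\System1.0.3.exe"
SAMPLE_EVENTS = [
    ProcessEvent(SAMPLE, r"C:\Windows\System32\cmd.exe",
                 r"cmd.exe /c t^a^s^k^l^i^s^t /v > %TEMP%\p.txt"),
    ProcessEvent(SAMPLE, r"C:\Windows\System32\tasklist.exe", "tasklist /v"),
    ProcessEvent(SAMPLE,
                 r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe",
                 r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.exe"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ProcessEvent(SAMPLE, r"C:\Windows\System32\cmd.exe",
                 'cmd.exe /c set c=%COMSPEC:~-7,3%&& "p"o"w"e"r"s"h"e"l"l" -nop -w hidden'),
]

if __name__ == "__main__":
    for image, findings in triage(SAMPLE_EVENTS):
        print(image, "->", findings or "no findings")
```

None of these heuristics is a detection on its own (administrators run tasklist, installers write to the Startup folder); their value is that the parent/child relationship ties them back to a single unsigned binary in a user-writable directory, which is the chain the report's signatures describe.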

MITRE ATT&CK Enterprise v15