General

  • Target

    ECDL MANUALS.exe

  • Size

    4.5MB

  • Sample

    241108-zxqm8azdja

  • MD5

    04682426ae4d844f7fac90310e0bfd47

  • SHA1

    7928580adb10fe325e204b5e856bf8e54310e28c

  • SHA256

    d2cc63817ef57059f85c0d045c43a43996ec070842f3b772aeb8712267d9d493

  • SHA512

    2954f7c52f353b8029cb29e38145a395e09f365be3ce56ef5c95592a0ccaadc873ccdac7b75159f98d2822bdb113c4095f44660aa5647f53db6f074b5c95e74d

  • SSDEEP

    98304:eJQaLXTZx9lyUZJ5HAl1MgHcIpP3VdZVQ//i6rQUKx44bacL7ZI:eJQaLnyUNyWQdZVQhroxXbZ3O

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks