General

  • Target

    iltst.zip

  • Size

    1006KB

  • Sample

    241113-scl1zatfqc

  • MD5

    326b7bbae46e8abe277e63095d9efe4f

  • SHA1

    70b8d8ce804a8989eb74d3901331776d97bc5c35

  • SHA256

    1d6f7584e8fc83a87851e579dc867c32792bcd329b7280bb100d9e0cba730b04

  • SHA512

    48773399bbf25b2931abe25e333e3245f3c562738991130a008efaf328c48ec8870db4da298798e6c5e5d4feda7f5ed8f095d6bb4d634d26ec37c033e3e67957

  • SSDEEP

    24576:5WlzeSSr2jN2T/9RrNrwPfdySQp+gZbAUfxEOOn6O4GLRzPw:AFyr2jNq9Rrody/+wbAjOOntq

Malware Config

Targets

    • Target

      TrustsFloors.exe

    • Size

      5.0MB

    • MD5

      fa336bf8da39c7038728337838c89549

    • SHA1

      6fe9f7814e263b5586749890eec7d4476e152a19

    • SHA256

      54c17aaa9120aced43dd39d40e08f6626cc295b715aff5975810faa62e7f3d3d

    • SHA512

      d5652bb5b4dd051fbc746cdd54150c980bcea60aecedcc4e0dd1fdd96283f87a30ddc9592c53f6233028fc416d7b9d1bf979b3302bedffae4c695e962ed63326

    • SSDEEP

      24576:Iq8TYKmZfHSrijNMJ/9R5D3OPlJySANE6ZbAsfxaOOncOSGLXTTN+:F8TDrijNO9R5kJyREabA7OOn9jU

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15

Tasks