General
-
Target
spacers(2).rar
-
Size
27.9MB
-
Sample
241119-wv7beayrfw
-
MD5
6824e3c4cda26f8ead333030c2a0a64c
-
SHA1
24c0153fb55d83be6c67ae0847497f175a3ff63e
-
SHA256
c1ea53cb2951b232b9c5ddac8896693521dfb49f3c5a5d3d6ef0837d4a9b771e
-
SHA512
1ab4239ffda8a81aa9c5fd789884f6f5b08c9de954ddcfc262a45730365ae2ce264adce2124b8b4a1c902f1f305c01e5e51ba3e71f6fa7e26707197c708146dd
-
SSDEEP
786432:RagDdH0m4nCPk0TBh162jGRBibjir3tKRnlC:RaghH4mkY62CzifirUXC
Malware Config
Targets
-
-
Target
spacers.exe
-
Size
73.9MB
-
MD5
6a668035023decc0a92a93c2780250ae
-
SHA1
8298ead3e25dbba44b8265acfea1d5bc92437f4f
-
SHA256
7ce2dc60d9c599fec04e7bacb8ab88adc825a11d57809a8ddf86b87e9324398b
-
SHA512
d81cebcdb35277e2eb9c34c545274ed5f7c1652dccd45dacc301b718ca0a3ac87bcd48bf4bc716a1fdf8c2cf13ef7c1658b3227d7d170bbe3d3341b9ce75c188
-
SSDEEP
393216:GQaAlwWEraEssgBjgV0XR/3tVe+6dAy6FPWv+hZQu58EISEhoIaE2FShX0Ix6VGp:G+3LQxhnLUYg3muRovxOOxUj/Y
Score8/10-
Creates new service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1