General

  • Target

    GrandMenu3.67.exe

  • Size

    17.9MB

  • Sample

    241204-1fhrqasmfw

  • MD5

    9bcac3afc05db712e05ab17ee8f35429

  • SHA1

    2a112a53bef940b846e9444e2a9e9456b5d91f17

  • SHA256

    1991c605265badf511e64921c30fdb6ba951b5bb46a85c16fcfe53232b6ce290

  • SHA512

    e93ce329ed9a2a1220b1f4ea5753f1b513e11c1e8395bbfbd461ed92e5597821d161316bbac8165e934cb629746d24dcb283622abd493e40df398ad9d653f516

  • SSDEEP

    393216:LqPnLFXlr/QMDOETgsvfGnxge2cvEl/yQdGSF9Yq:ePLFXN/QREOx21laQsSt

Malware Config

Targets

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks