General
Target: layemor.7z
Size: 77.8MB
Sample: 250501-3mc6xsxwbs
MD5: 5049cd27885c0313e9910521cba1369f
SHA1: 26fba37d81c45db929c854bd9112f8b34620e914
SHA256: 67133a6db3d3badb6ccc0cc51cf5395f2c50c9d4eed96782dc5e3756523eee1e
SHA512: 766540133593a213c68e07d0bd68f809ed4d1e3fb73a160e89262a1e849ec6ad5e1f5547a728aff0cafea63f67f694d4ea4703269c56ec027dfd32b5d711909e
SSDEEP: 1572864:nix4fPWweK4ZZSSB5Yl6p43cMpN1CY3+lm9zstfaagV2lLCGh:nfr4ZZSM5O6RMgY3x9zstzgKLVh
Static task: static1

Behavioral task: behavioral1
  Sample: Layemor.exe
  Resource: win10ltsc2021-20250410-en

Behavioral task: behavioral2
  Sample: Layemor.exe
  Resource: win11-20250410-en
Malware Config

Targets
Target: Layemor.exe
Size: 164.9MB
MD5: 1692d3c0aa131bdecd2f20446c96988e
SHA1: ad4c2fa6b3101f8b94b2992f22215771e7e36853
SHA256: ce05412da391972405cbd2cd918e01c69d94147b5067c6b66a97d98d7a8bcf75
SHA512: 996c6c5e4f8ddbcdac5b36cbb1b2307d576f4c64c333cfe134641dcb5b166c3542f3b1b8432928308472dc26c000f204d44e25f3dd332542c1b3584d05a9cce9
SSDEEP: 1572864:amIh9FimkfWTs6+LkanRWYS8a4lN+WTi6qSFK2u73JvPaKD2JsR2/tVBcpZOcrQD:QsFWY7ihS4kVP

Signatures
- Uses browser remote debugging
  Can be used to control the browser and steal sensitive information such as credentials and session cookies.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- An obfuscated cmd.exe command-line is typically used to evade detection.
- Enumerates processes with tasklist
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Modify Authentication Process (1)
- Steal Web Session Cookie (1)
- Unsecured Credentials (1)
- Credentials In Files (1)