General
-
Target
MasonClient.exe
-
Size
145KB
-
Sample
250519-p3fp4ayjx5
-
MD5
2ad77205064f16ba30965dd451f8ce66
-
SHA1
e14ffdf19cca04fb5f6711ad6a48abe1a1a432a1
-
SHA256
3cf2c909eedbc2abe47bbebda35b74a7931f99bc0a0d4831881dd034b4c1afde
-
SHA512
dd4809375ecde9dc89d53a01ef553c2119e8a40147ecd4064f721ea1f7b54e24da76dc1f9a4c667fa38c06d71f91a1b5a9fb1d40991ce184f44279e87c5e057e
-
SSDEEP
1536:I+STVF97UN7ptQLUbdiJPRbOuWx7dBswoK89UVVnQx:I+STX1UNlhbdWPRbOh/BswoKpmx
Static task
static1
Behavioral task
behavioral1
Sample
MasonClient.exe
Resource
win10ltsc2021-20250410-en
Malware Config
Targets
-
Target
MasonClient.exe
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
  Scheduled Task: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
  Registry Run Keys / Startup Folder: 1
Scheduled Task/Job: 1
  Scheduled Task: 1