General

  • Target

    MasonClient.exe

  • Size

    145KB

  • Sample

    250519-p3fp4ayjx5

  • MD5

    2ad77205064f16ba30965dd451f8ce66

  • SHA1

    e14ffdf19cca04fb5f6711ad6a48abe1a1a432a1

  • SHA256

    3cf2c909eedbc2abe47bbebda35b74a7931f99bc0a0d4831881dd034b4c1afde

  • SHA512

    dd4809375ecde9dc89d53a01ef553c2119e8a40147ecd4064f721ea1f7b54e24da76dc1f9a4c667fa38c06d71f91a1b5a9fb1d40991ce184f44279e87c5e057e

  • SSDEEP

    1536:I+STVF97UN7ptQLUbdiJPRbOuWx7dBswoK89UVVnQx:I+STX1UNlhbdWPRbOh/BswoKpmx

Malware Config

Targets

    • Target

      MasonClient.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v16
