General
-
Target
_igetintopc.com_Internet_Download_Manager_6.rar
-
Size
11.7MB
-
Sample
240701-gepn4axfjb
-
MD5
9230c672bddefc3477001019bcbca27f
-
SHA1
6cbf5be30b06d5fa4276c3aa9f61078087d9e31e
-
SHA256
af31c48d80c132e90058ed0ca5f7a2061816eef48e70db70d81b6c07438177ef
-
SHA512
9a80663a3f04569701a83710a09f607559dc2a296bc3833733cdcae3c5a994cc06325532a42fe4fa2b67065956abe2f1cc2c2a51c279b30e329d5020ff4a1be0
-
SSDEEP
196608:07pUhj7A+PtClgGLCJlKeFvkr5p57MXv5Gd58cZnCh5EClPvzII0F+7IORENJhHR:OalalLqQavop5G+58yMECl3l0FgfmJ9v
Malware Config
Targets
-
-
Target
_igetintopc.com_Internet_Download_Manager_6/Download Free Software.url
-
Size
48B
-
MD5
79ff76ad99270fa910947692d9b6942e
-
SHA1
1c6b98814138be0f1523d04329c694b116aefb74
-
SHA256
8e53f7575660cd259225acad7a184d8e755729de28962468e7894429e2f7aca6
-
SHA512
449faab38f7f002f8f0d90d7333943d25be7ed5a4b0c11cb8aefc8529436e24e5d8463a9abaf340e0360428257dce588ba76021ee8d4cbf730c7a839320a4a11
Score1/10 -
-
-
Target
_igetintopc.com_Internet_Download_Manager_6/Help.url
-
Size
59B
-
MD5
8f31c5714d99a932759cdd793ada38cb
-
SHA1
6dcc8ca440cb3497425f2055182a24461375f557
-
SHA256
634069e23d07080988e92fc1a153689c492f55c6e47f761b1b04b0141180b99b
-
SHA512
14b017310e2d65a3abe02eec09eb6b0d54ae60726d570611acf4b49682bdd0ed4a2af9d0e56bf73bf299c8ca405e77c0dee703fc175ea41dbe3906d4fa316f46
Score6/10-
Checks whether UAC is enabled
-
-
-
Target
_igetintopc.com_Internet_Download_Manager_6/idman642build12.exe
-
Size
11.6MB
-
MD5
a5564865cb770eb0a714dc98215965e2
-
SHA1
f06709893bd5e762b41baca9604a8116a4854dcf
-
SHA256
9d01cc78df9756d61c7d134d6d0b6760128ac87c50acf7dae654614af0a40636
-
SHA512
866a44ef753dcc76167ef98f5452315fc5a6a3612990a5d7424fdaa20a3afc5a6b4c477116b926f7cf3c564c21191d6c25e9a1f9190eee5668bffa36639946c5
-
SSDEEP
196608:X75pFijhReE3CtvcCT32sMWuNE3gRzU6QBHH7trmKfDNxKCZzV0g4D2pe50nSv:lPij+ivCT3y/1VQBH1mSxPZSKprng
Score8/10-
Drops file in Drivers directory
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Installs/modifies Browser Helper Object
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
-
-
Target
_igetintopc.com_Internet_Download_Manager_6/igetintopc.com_fix/Patch.exe
-
Size
59KB
-
MD5
27016937b5781c4f84b6b3432170f4d0
-
SHA1
bc812a8c4d44a3503ffd6a46e4fdab925c622344
-
SHA256
fc1a02b509b8f351ac45bd45efd4e7296b365545a48ffd6a14e8e07bc7189155
-
SHA512
24a726276cc53c5a0d075d1bf930e24b3a1891e0754b17c28a5a35b5677fd792d9adb55e5e0a7fe18f056febb8af4a49a5a0fac33389205d1f4dcc0060422be7
-
SSDEEP
1536:5ilGC+HMax3AZ5GiavgfreZCRIr71mazhAN5TAS:5igLV3SIareERU5mazh3S
Score8/10-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
-
-
Target
Patch.exe
-
Size
59KB
-
MD5
27016937b5781c4f84b6b3432170f4d0
-
SHA1
bc812a8c4d44a3503ffd6a46e4fdab925c622344
-
SHA256
fc1a02b509b8f351ac45bd45efd4e7296b365545a48ffd6a14e8e07bc7189155
-
SHA512
24a726276cc53c5a0d075d1bf930e24b3a1891e0754b17c28a5a35b5677fd792d9adb55e5e0a7fe18f056febb8af4a49a5a0fac33389205d1f4dcc0060422be7
-
SSDEEP
1536:5ilGC+HMax3AZ5GiavgfreZCRIr71mazhAN5TAS:5igLV3SIareERU5mazh3S
Score8/10-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Disables cmd.exe use via registry modification
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1