PULSE NAME
New InnoSetup Malware Created Upon Each Download Attempt
WHITE AlienVault 2024-06-27 Modified: 2024-07-27
43 IOCs
MEDIUM VOLUME
This security intelligence report describes a new malware distribution technique in which malicious code is dynamically generated for each download attempt, evading detection through unique hash values. The malware, termed 'InnoLoader', disguises itself as a legitimate software installer and runs a complex sequence that downloads and executes additional payloads, including information stealers, adware, and malicious browser plugins. It employs evasion tactics such as varying C2 responses and downloading benign files to hinder analysis. The report underscores the evolving strategies threat actors use to distribute malware and compromise systems.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Lu0Bot, StealC, Socks5Systemz
Indicators of Compromise (43)