Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity

July 31, 2024, 10:59 a.m.

Description

On July 24, 2024, CrowdStrike Intelligence identified an unattributed spearphishing attempt delivering an inauthentic installer impersonating CrowdStrike's Crash Reporter through a website targeting a German entity. The site utilized JavaScript obfuscation to deliver the malicious installer, which contained CrowdStrike branding, German localization, and a password requirement. The actor employed anti-forensic techniques like subdomain registration and timestomping, indicating targeted, operational security-conscious behavior.

Date

Published: July 31, 2024, 10:47 a.m.
Created: July 31, 2024, 10:47 a.m.
Modified: July 31, 2024, 10:59 a.m.

Indicators


Attack Patterns

T1566.002

T1204.002

T1566.001

T1036

T1140

Additional Information

Germany