General

  • Target

    Akbank Hesap Özetiniz.exe

  • Size

    784KB

  • Sample

    200708-8wxy1rac9j

  • MD5

    23afabf8de05352048a78d1bbc3ad46f

  • SHA1

    622f907c7c517b301818224901aeec8392a1dabe

  • SHA256

    d87c321887e33a1f90a29b21be81459835a725d9a056916b1cafaaacc06169f5

  • SHA512

    495e318896f2db02f8d7fe8a100e5e760118d6ffb0f3aa5d6e9e1d0b1c22180679b749e48b9d6f8ea9fae4d051be7af7c64df469a4a23413ce560f913d1e4813

Malware Config

Targets

    • UAC bypass

    • Windows security bypass

    • Adds Run entry to policy start application

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX build.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks