General

  • Target

    Zbicswp.exe

  • Size

    984KB

  • Sample

    200718-vfc4gl3ctx

  • MD5

    622dca0ee8175c9a20456d8892d35a80

  • SHA1

    d45a2f22186a3b494ef1237028b29eea72cc9cca

  • SHA256

    f01669ff0af4c1b8f4f15985fae94c302537ed8affc5b2fe01534594036218f2

  • SHA512

    094ce631693c4c83ebf1d2728e99eb36cf65cdc6a63336cfba982b4ca0332496247f114760c1150aaecd4dc48caf23b386aefef4ffb14f7439407585fd16ec28

Malware Config

Targets

    • Target

      Zbicswp.exe

    • Size

      984KB

    • MD5

      622dca0ee8175c9a20456d8892d35a80

    • SHA1

      d45a2f22186a3b494ef1237028b29eea72cc9cca

    • SHA256

      f01669ff0af4c1b8f4f15985fae94c302537ed8affc5b2fe01534594036218f2

    • SHA512

      094ce631693c4c83ebf1d2728e99eb36cf65cdc6a63336cfba982b4ca0332496247f114760c1150aaecd4dc48caf23b386aefef4ffb14f7439407585fd16ec28

    • Adds policy Run key to start application

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks