General

  • Target

    BBVAMT1030493.exe

  • Size

    539KB

  • Sample

    201109-6rqlyxt3xe

  • MD5

    29d9bf29512c7f61abd820368c3a3433

  • SHA1

    07e335dc028b9bf703780f2411b107a03ae5b31e

  • SHA256

    0904cc3ac5743bc4e4f4dcfa31ec6cfe449c12646542f970cbfd53d8dd6915bf

  • SHA512

    775fda440e7dd2eecee65db3513fab3fca9c490678a21988f30a225036d2edbe90c14b2ce624452fc08812536f033069639902410eef7b94753516d16752f2dd

Malware Config

Targets

    • Target

      BBVAMT1030493.exe

    • Size

      539KB

    • MD5

      29d9bf29512c7f61abd820368c3a3433

    • SHA1

      07e335dc028b9bf703780f2411b107a03ae5b31e

    • SHA256

      0904cc3ac5743bc4e4f4dcfa31ec6cfe449c12646542f970cbfd53d8dd6915bf

    • SHA512

      775fda440e7dd2eecee65db3513fab3fca9c490678a21988f30a225036d2edbe90c14b2ce624452fc08812536f033069639902410eef7b94753516d16752f2dd

    • 404 Keylogger

      Information stealer and keylogger first seen in 2019.

    • 404 Keylogger Main Executable

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks