696bccf15a7d0bb9853dabb86910c452cf1dc220a5d58643ce27a7fde8212833 | Triage

Submit
Reports

Overview

overview

8

Static

static

driver-upd...up.exe

windows7_x64

8

driver-upd...up.exe

windows10_x64

8

Resubmissions

17-11-2020 01:26

201117-zqbhmapg6s 8

15-11-2020 04:06

201115-m4aythcf8n 8

Sharing

General

Target

driver-updater-setup.exe
Size

14.5MB
Sample

201117-zqbhmapg6s
MD5

28c730da7a3851db883e72977b63c682
SHA1

4b0658c3ea50181e1186c28ded64d5697e571df6
SHA256

696bccf15a7d0bb9853dabb86910c452cf1dc220a5d58643ce27a7fde8212833
SHA512

5de52c43e49ccac93703c891b21b03b560d14b9f87af2ae01b4a61f86df969307c4b3c50e25c63b07b40e0a0c06bdf9470290dacdc888159a9a7e696713e7709

Score

8^/10

discovery spyware

Static task

static1

Behavioral task

behavioral1

Sample

driver-updater-setup.exe

Resource

win7v20201028

discovery spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

driver-updater-setup.exe

Resource

win10v20201028

discovery spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  driver-updater-setup.exe
- Size
  
  14.5MB
- MD5
  
  28c730da7a3851db883e72977b63c682
- SHA1
  
  4b0658c3ea50181e1186c28ded64d5697e571df6
- SHA256
  
  696bccf15a7d0bb9853dabb86910c452cf1dc220a5d58643ce27a7fde8212833
- SHA512
  
  5de52c43e49ccac93703c891b21b03b560d14b9f87af2ae01b4a61f86df969307c4b3c50e25c63b07b40e0a0c06bdf9470290dacdc888159a9a7e696713e7709
Score

8^/10

discovery spyware
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- JavaScript code in executable
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryspyware

behavioral2

discoveryspyware

© 2018-2024

Terms | Privacy