General
Target: BTRSetp.exe
Size: 258KB
Sample: 210306-dmlyzjf54e
MD5: 1165ce455c6ff9ad6c27e49a8094b069
SHA1: 3ba061200d28f39ce95a2d493d26c8eb54160e85
SHA256: c089f4a7b15f47edfe5c4748b2f34e8962bf115e6980355d67036be35c982eb1
SHA512: dfa4109f3c0a6368c309ccfa0449823ad6388d122f9161e78044b48890126e26a1cfc36666f20b9800ac3ac6ced02c1132b40bb9131f5d6a5685ad5ec5a529a4
Static task: static1
Behavioral task: behavioral1 (Sample: BTRSetp.exe, Resource: win10v20201028)
Behavioral task: behavioral2 (Sample: BTRSetp.exe, Resource: win10v20201028)
Behavioral task: behavioral3 (Sample: BTRSetp.exe, Resource: win10v20201028)
Behavioral task: behavioral4 (Sample: BTRSetp.exe, Resource: win10v20201028)
Behavioral task: behavioral5 (Sample: BTRSetp.exe, Resource: win7v20201028)
Malware Config
Targets
Target: BTRSetp.exe (Size: 258KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- ElysiumStealer
  ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
- ElysiumStealer Payload
- ElysiumStealer Support DLL
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- XMRig Miner Payload
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger