cb3d08dd3044e25627bc2f3e80575495f40fc11442e35a708f3f1eb28b7d82e1

General

Target

e519d0a4bab2d08e14a5c175d431ce3e.msi
Size

6.1MB
Sample

211122-xhhb7agfdn
MD5

e519d0a4bab2d08e14a5c175d431ce3e
SHA1

56f8327c426952cb3f85de5927274974c9dc89b8
SHA256

cb3d08dd3044e25627bc2f3e80575495f40fc11442e35a708f3f1eb28b7d82e1
SHA512

43372e37b07d4586f951c7911df635f375f778f9182583cdaafe8bac38e99d42da32534c445c0f2febdda0153682f83956dbcd573d942127aca8ae162ab4f350

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://autoatendimento.bb.com.br/apf-apj-acesso/#/transacao/acesso-empresa/0?v=2.28.10&t=1&tipoCliente=empresa

exe.dropper

https://www2.bancobrasil.com.br/aapf/login.html#/acesso-aapf-agencia-conta

Targets

- Target
  
  e519d0a4bab2d08e14a5c175d431ce3e.msi
- Size
  
  6.1MB
- MD5
  
  e519d0a4bab2d08e14a5c175d431ce3e
- SHA1
  
  56f8327c426952cb3f85de5927274974c9dc89b8
- SHA256
  
  cb3d08dd3044e25627bc2f3e80575495f40fc11442e35a708f3f1eb28b7d82e1
- SHA512
  
  43372e37b07d4586f951c7911df635f375f778f9182583cdaafe8bac38e99d42da32534c445c0f2febdda0153682f83956dbcd573d942127aca8ae162ab4f350
Score

10^/10
- Blocklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Executes dropped EXE

Drops startup file

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2