--d8kxdir.zip

General

Target: --d8kxdir.zip
Size: 9MB
Sample: 220504-qgz3aageak
Score: 10/10
MD5: 7c2d211e903c679f653ca6138b4cf110
SHA1: 98cf44677ba20c3b927c5866a14289692d84c386
SHA256: fea70f1113b11df7ee03d4889418d06d1fa1f99d705aafdbdbfbace317812452
SHA512: a46ad87863441de74743bbb826dd0d1e960e2c3f1e86ff9b3873d8bab43cb41d06f5445ae463ce51b5f24a0808fbe887f5b79fe8e736f57d5b005af4583c08e8

Targets
Target: --d8kxdir.exe
MD5: 275c014963f2ef27dd3e39e9c60d9da7
Filesize: 7MB
Score: 9/10
SHA1: 53bf33dad945c79396eefdadd9f94f0c98750ba1
SHA256: 7dcbc5676b17a35dfff8197bddd6c3b4575b2ec8e3f46afe3521983400d996ce
SHA512: ba0e2577d8761c649ab2bd7d0888d3c079b41c9fe4e7103d5698862df12b2e1c38c6233baac6cd9c0ccb422b36e44d5a3d7e46f7311aa099149ad41137b67b4d

Signatures

  • ACProtect 1.3x - 1.4x DLL software
    Description: Detects file using ACProtect software.
  • Downloads MZ/PE file
  • Drops file in Drivers directory
  • Executes dropped EXE
  • UPX packed file
    Description: Detects executables packed with UPX/modified UPX open source packer.

  • Checks BIOS information in registry
    Description: BIOS information is often read in order to detect sandboxing environments.
    TTPs: Query Registry, System Information Discovery
  • Checks computer location settings
    Description: Looks up the country code configured in the registry, likely for geofencing.
    TTPs: Query Registry, System Information Discovery
  • Drops startup file
  • Loads dropped DLL
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, such as saved credentials.
    TTPs: Data from Local System, Credentials in Files
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder, Modify Registry
  • Checks for any installed AV software in registry
    TTPs: Security Software Discovery
  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry
  • Drops file in System32 directory
  • Suspicious use of NtSetInformationThreadHideFromDebugger
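The signatures above are behaviour matches over the sandbox's API trace. The following added example (editor's code, not the sandbox's and not from the analysed sample) shows how such matches are derived: it classifies lines of a constructed API trace, in an assumed `pid|api|arg0|arg1` format, into the signature names listed above and collects the ATT&CK technique IDs behind the TTP names. The registry keys, file paths and the ThreadHideFromDebugger information class are the real Windows values the signatures refer to; the AV key list, the trace lines and the helper names are assumptions.

```python
"""Map sandbox API-trace lines onto the behaviour signatures this report lists.

Added example by the editor, not code from the sandbox. Trace format is an
assumption: one call per line, '|'-separated as  <pid>|<api>|<arg0>|<arg1>.
The registry keys and paths are the real Windows locations each signature
refers to; the AV key list and the sample trace below are constructed.
"""
from collections import defaultdict

# Keys assumed to back "Checks for any installed AV software in registry".
AV_KEYS = ("software\\microsoft\\security center", "software\\microsoft\\windows defender")
# Browser profile directories holding saved credentials (Chrome "Login Data" etc.).
BROWSER_DIRS = ("\\google\\chrome\\user data\\", "\\microsoft\\edge\\user data\\",
                "\\mozilla\\firefox\\profiles\\")
THREAD_HIDE_FROM_DEBUGGER = 0x11   # THREADINFOCLASS value passed to NtSetInformationThread


def _path(args):
    return args[0].lower() if args else ""


def _reg_read(api, args):
    return api in ("RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey")


def _file(api, args, access):
    return api in ("NtCreateFile", "CreateFileW") and len(args) > 1 and access in args[1].upper()


def _hide_thread(api, args):
    try:
        return api == "NtSetInformationThread" and int(args[1], 0) == THREAD_HIDE_FROM_DEBUGGER
    except (IndexError, ValueError):
        return False


# (signature name as printed in the report, ATT&CK IDs for its TTP names, predicate).
# The ATT&CK IDs are the editor's annotation of the TTP names on the page.
RULES = [
    ("Checks BIOS information in registry", ("T1012", "T1082"),
     lambda api, a: _reg_read(api, a) and "hardware\\description\\system\\bios" in _path(a)),
    ("Checks computer location settings", ("T1012", "T1082"),
     lambda api, a: _reg_read(api, a) and "control panel\\international\\geo" in _path(a)),
    ("Checks for any installed AV software in registry", ("T1518.001",),
     lambda api, a: _reg_read(api, a) and any(k in _path(a) for k in AV_KEYS)),
    ("Checks installed software on the system", ("T1012",),
     lambda api, a: _reg_read(api, a) and "currentversion\\uninstall" in _path(a)),
    ("Adds Run key to start application", ("T1547.001", "T1112"),
     lambda api, a: api == "RegSetValueExW" and _path(a).endswith("currentversion\\run")),
    ("Drops startup file", ("T1547.001",),
     lambda api, a: _file(api, a, "WRITE") and "\\start menu\\programs\\startup\\" in _path(a)),
    ("Drops file in Drivers directory", (),
     lambda api, a: _file(api, a, "WRITE") and "\\windows\\system32\\drivers\\" in _path(a)),
    # drivers\ sits inside System32; keep the two signatures disjoint so each file fires one.
    ("Drops file in System32 directory", (),
     lambda api, a: _file(api, a, "WRITE") and "\\windows\\system32\\" in _path(a)
     and "\\drivers\\" not in _path(a)),
    ("Reads user/profile data of web browsers", ("T1005", "T1552.001"),
     lambda api, a: _file(api, a, "READ") and any(d in _path(a) for d in BROWSER_DIRS)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", (), _hide_thread),
]


def classify(trace):
    """Return {signature name: [matching trace lines]} for a whole trace."""
    hits = defaultdict(list)
    for line in trace.splitlines():
        fields = line.split("|")
        if len(fields) < 2:
            continue
        _pid, api, *args = fields
        for name, _ids, pred in RULES:
            if pred(api, args):
                hits[name].append(line)
    return dict(hits)


def techniques(hits):
    """Sorted ATT&CK IDs implied by the signatures that fired."""
    return sorted({tid for name, tids, _ in RULES if name in hits for tid in tids})


# Constructed trace in the assumed format (not output from the analysed sample).
SAMPLE_TRACE = r"""
1234|RegOpenKeyExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS|KEY_READ
1234|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\BIOS|SystemManufacturer
1234|RegQueryValueExW|HKCU\Control Panel\International\Geo|Nation
1234|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|KEY_READ
1234|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows Defender|KEY_READ
1234|NtSetInformationThread|0xffffffff|0x11
1234|NtCreateFile|C:\Windows\System32\drivers\dropped.sys|FILE_WRITE_DATA
1234|NtCreateFile|C:\Windows\System32\dropped.dll|FILE_WRITE_DATA
1234|RegSetValueExW|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Updater
1234|NtCreateFile|C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data|FILE_READ_DATA
1234|NtCreateFile|C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk|FILE_WRITE_DATA
1234|NtCreateFile|C:\Users\u\Desktop\notes.txt|FILE_READ_DATA
"""

if __name__ == "__main__":
    hits = classify(SAMPLE_TRACE)
    for name, lines in hits.items():
        print(f"{name}: {len(lines)} call(s)")
    print("ATT&CK:", ", ".join(techniques(hits)))
```

Registry reads are not logged by Sysmon or the Security event log, so the discovery signatures (BIOS, Geo, Uninstall, AV keys) are only observable from an API trace or an EDR hooking layer; the file drops and the Run key write do have Sysmon equivalents (Event ID 11 and 13) and are the part of this list worth carrying into host detection.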

Target: .............exe
MD5: 1c9d03acc5ce4d1565e01418e2892087
Filesize: 3MB
Score: 10/10
SHA1: 345be215d0017d06a3934150105389730038fa69
SHA256: bdb03d50cba10bbbaea2409521c515d15f3e674e6ccabbadfec319bdc08cd1ea
SHA512: 1442ad0b3af4fddc1c6980426a25f6d2c4b033902b8cc42596ad0077385ca3d56e4fed4517a61fe4d5b5b185b34030196ac9c5dcc61d93fd48292aed2b7998e8

Signatures

  • Registers COM server for autorun
    TTPs: Registry Run Keys / Startup Folder
  • Suspicious use of NtCreateUserProcessOtherParentProcess
  • Creates new service(s)
    TTPs: New Service
  • Downloads MZ/PE file
  • Executes dropped EXE
  • Possible privilege escalation attempt
  • Loads dropped DLL
  • Modifies file permissions
    TTPs: File Permissions Modification
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, such as saved credentials.
    TTPs: Data from Local System, Credentials in Files
  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry
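The persistence signatures on this target (Registers COM server for autorun, Creates new service(s)) and the Run key entry on the previous one all come down to writes in a handful of autostart registry locations. The following added example (editor's code, not the sandbox's and not from the sample) parses a `reg export` dump of those keys, decodes `hex(2)` REG_EXPAND_SZ data as `reg export` emits it, and lists each autostart entry with a flag for binaries outside the Windows and Program Files trees. The .reg syntax and key locations are real; the CLSID, the file paths and the dump text itself are constructed.

```python
"""List autostart registrations from a 'reg export' (.reg) dump.

Added example by the editor, not code from the sandbox or the sample. It parses
the text format `reg export` writes ([key] headers, "name"=data lines, dword:
and hex(2): data, trailing-backslash continuations) and reports the autostart
locations behind the persistence signatures: Run/RunOnce values, per-user COM
server registrations (HKCU\\Software\\Classes\\CLSID\\{...}\\InprocServer32 or
LocalServer32, which take precedence over the HKLM registration of the same
CLSID) and service ImagePath values. The CLSID, paths and .reg text are constructed.
"""
import re

VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')
RUN_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.I)
COM_RE = re.compile(r"^HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\\{[^}]+\}\\(InprocServer32|LocalServer32)$", re.I)
SVC_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+$", re.I)
# Heuristic only: a binary outside these trees is not proof of malice, just worth a look.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files")


def _unescape(s):
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _decode(data):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if data.startswith('"'):
        return _unescape(data[1:-1])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex(?:\((\w+)\))?:(.*)", data)
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) in ("2", "7"):              # REG_EXPAND_SZ / REG_MULTI_SZ are UTF-16LE
            return raw.decode("utf-16-le").rstrip("\0")
        return raw                                # REG_BINARY, QWORD etc. left as bytes
    return data


def parse_reg(text):
    """Return {key path: {value name: value}}; the default value (@) is stored under ''."""
    keys, current = {}, None
    lines = iter(text.splitlines())
    for line in lines:
        while line.rstrip().endswith("\\"):       # reg export wraps long hex data
            line = line.rstrip()[:-1] + next(lines, "").strip()
        line = line.strip()
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][_unescape(m.group(1) or "")] = _decode(m.group(2))
    return keys


def _entry(kind, key, name, cmd):
    exe = cmd.lower().lstrip('"')
    return {"kind": kind, "key": key, "value": name, "command": cmd,
            "user_writable_path": not exe.startswith(TRUSTED_DIRS)}


def autostarts(keys):
    """Autostart entries (Run keys, per-user COM servers, services) in a parsed dump."""
    found = []
    for key, values in keys.items():
        if RUN_RE.search(key):
            found += [_entry("run-key", key, n, v) for n, v in values.items() if isinstance(v, str)]
        elif COM_RE.match(key) and isinstance(values.get(""), str):
            found.append(_entry("per-user-com-server", key, "", values[""]))
        elif SVC_RE.match(key) and isinstance(values.get("ImagePath"), str):
            found.append(_entry("service", key, "ImagePath", values["ImagePath"]))
    return found


def parse_reg_file(path):
    """reg export writes UTF-16LE with a BOM; the utf-16 codec consumes the BOM."""
    with open(path, encoding="utf-16") as fh:
        return parse_reg(fh.read())


# Constructed dump (not from the analysed sample): one user Run value, one per-user COM
# server pointing into %TEMP%, one service with a REG_EXPAND_SZ ImagePath, one benign HKLM value.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\u\\AppData\\Roaming\\updater.exe"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]
@="C:\\Users\\u\\AppData\\Local\\Temp\\hook.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"ImagePath"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  44,00,61,00,74,00,61,00,5c,00,73,00,2e,00,65,00,78,00,65,00,00,00
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
'''

if __name__ == "__main__":
    for e in autostarts(parse_reg(SAMPLE_REG)):
        flag = "  <-- outside Windows/Program Files" if e["user_writable_path"] else ""
        print(f'{e["kind"]:20} {e["key"]}\\{e["value"] or "(Default)"} = {e["command"]}{flag}')
```

Service ImagePath values frequently use `\SystemRoot\system32\...` or a bare `system32\drivers\name.sys`, which the path heuristic above would flag; expand those prefixes before trusting the flag on a real dump, and treat a driver service whose ImagePath points at a freshly written file under `drivers\` as the counterpart of the "Drops file in Drivers directory" signature.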

Tasks

static1
behavioral1: 8/10
behavioral3: 7/10