bb5e774884c5e468d98379e6b51e3f3fa51185372ca3c4e362ab3cc70baf1b61 | Triage

Submit
Reports

Overview

overview

Static

static

bb5e774884...61.exe

windows7-x64

bb5e774884...61.exe

windows10-2004-x64

Sharing

General

Target

bb5e774884c5e468d98379e6b51e3f3fa51185372ca3c4e362ab3cc70baf1b61
Size

50KB
Sample

221124-avhgdsfd42
MD5

1bb0192da8c3e9b01ae25a4023e10da0
SHA1

e5566ca808265ae608de32706cf0c2ffaf155ebe
SHA256

bb5e774884c5e468d98379e6b51e3f3fa51185372ca3c4e362ab3cc70baf1b61
SHA512

522db0eeef88d59b365fd2d9fbebb240a7d5a6891489fbccb653dca98fdcb0d55a6d565d99fc0ad1bfd6d958b427ef60b9b7eebc718767cd7b9a1ddf3f8cf62f
SSDEEP

768:epUt1E/8mS+amkLFRccny45nHguULki1iW7hf8K2Kv3IhiUtIEVWVPx:epO1Ek93yAgfg8hf8K2Kv3AiUtIE4Z

Score

10^/10

evasion persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

bb5e774884c5e468d98379e6b51e3f3fa51185372ca3c4e362ab3cc70baf1b61.exe

Resource

win7-20220812-en

evasion persistence spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb5e774884c5e468d98379e6b51e3f3fa51185372ca3c4e362ab3cc70baf1b61.exe

Resource

win10v2004-20220812-en

evasion persistence spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  bb5e774884c5e468d98379e6b51e3f3fa51185372ca3c4e362ab3cc70baf1b61
- Size
  
  50KB
- MD5
  
  1bb0192da8c3e9b01ae25a4023e10da0
- SHA1
  
  e5566ca808265ae608de32706cf0c2ffaf155ebe
- SHA256
  
  bb5e774884c5e468d98379e6b51e3f3fa51185372ca3c4e362ab3cc70baf1b61
- SHA512
  
  522db0eeef88d59b365fd2d9fbebb240a7d5a6891489fbccb653dca98fdcb0d55a6d565d99fc0ad1bfd6d958b427ef60b9b7eebc718767cd7b9a1ddf3f8cf62f
- SSDEEP
  
  768:epUt1E/8mS+amkLFRccny45nHguULki1iW7hf8K2Kv3IhiUtIEVWVPx:epO1Ek93yAgfg8hf8K2Kv3AiUtIE4Z
Score

10^/10

evasion persistence spyware stealer
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealer

behavioral2

evasionpersistencespywarestealer

© 2018-2024

Terms | Privacy