General

  • Target

    34cc9d3bb444786898b4a21a298a66e0d88cbd551caec83c2e34b28b51d81fd3

  • Size

    11.2MB

  • Sample

    221124-pcklcsfg51

  • MD5

    ca28de04fa510b0fbd6d11c15bbafa75

  • SHA1

    123da97059b31e390738800e9b70da1485ca4014

  • SHA256

    34cc9d3bb444786898b4a21a298a66e0d88cbd551caec83c2e34b28b51d81fd3

  • SHA512

    8024cba327c1f551b2be3aa69a710fd9fabda5e496ab6f9bcd0f98b77f902dd0c9704de867982ba228694bd093b77f99a6f4cde3af53a3c8a16f4adbf96f2be8

  • SSDEEP

    196608:7147FJg8So17a5edtjIRTSNmcUtyxoOgDbBO0C++hIk+gSwfvlGc3dm6Llo7W:ahW8So1TdtjcTSNmcUUxoc9+DiZoK

Malware Config

Targets

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Executes dropped EXE

    • Registers COM server for autorun

    • Sets file execution options in registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                            Count  ID
  Persistence        Registry Run Keys / Startup Folder   2      T1060
                     Browser Extensions                   1      T1176
  Defense Evasion    Modify Registry                      4      T1112
  Credential Access  Credentials in Files                 1      T1081
  Discovery          Software Discovery                   1      T1518
                     Query Registry                       3      T1012
                     System Information Discovery         3      T1082
                     Peripheral Device Discovery          1      T1120
  Collection         Data from Local System               1      T1005

Tasks