Overview

overview

10

Static

static

bf00a990eb...1b.exe

windows10-1703-x64

10

bf00a990eb...1b.exe

windows7-x64

10

bf00a990eb...1b.exe

windows10-2004-x64

10

Resubmissions

25-12-2022 15:09

221225-sjk29aeg6z 10

22-11-2022 09:47

221122-lr6wcshc34 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf00a990eb93a4696f6b5d6029d654ce3e2959b14db849c6630c17256c7aa31b

  • Size

    871KB

  • Sample

    221225-sjk29aeg6z

  • MD5

    8dcec334c74becd217f0f61c53a45a54

  • SHA1

    02a178c1bdd24a780c491c2efe1dcf6bb6be13f7

  • SHA256

    bf00a990eb93a4696f6b5d6029d654ce3e2959b14db849c6630c17256c7aa31b

  • SHA512

    bf8b6f0043aa222be36c4c6816a95a62a8cc17bbee4454d110d590e2bde7e3ca60504cae01196cf6a2a31f92dd874517fde082dfa505a394b2bf2bbda3a76695

  • SSDEEP

    12288:q39riVwf3iJ+HN3TF4W7Wba0WGU68RnAgqgNYEgeGEKDBjs2sd0psmCA+Pdm7Y7a:qNriy/fTFOzgCGTjUDn/MI9d

Score
10/10
allcomestealer

Malware Config

Extracted

Family

allcome

C2

http://dba692117be7b6d3480fe5220fdd58b38bf.xyz/API/2/configure.php?cf6zrlhn=finarnw

Targets

    • Target

      bf00a990eb93a4696f6b5d6029d654ce3e2959b14db849c6630c17256c7aa31b

    • Size

      871KB

    • MD5

      8dcec334c74becd217f0f61c53a45a54

    • SHA1

      02a178c1bdd24a780c491c2efe1dcf6bb6be13f7

    • SHA256

      bf00a990eb93a4696f6b5d6029d654ce3e2959b14db849c6630c17256c7aa31b

    • SHA512

      bf8b6f0043aa222be36c4c6816a95a62a8cc17bbee4454d110d590e2bde7e3ca60504cae01196cf6a2a31f92dd874517fde082dfa505a394b2bf2bbda3a76695

    • SSDEEP

      12288:q39riVwf3iJ+HN3TF4W7Wba0WGU68RnAgqgNYEgeGEKDBjs2sd0psmCA+Pdm7Y7a:qNriy/fTFOzgCGTjUDn/MI9d

    Score
    10/10
    allcomestealer

    • Allcome

      A clipbanker that supports stealing different cryptocurrency wallets and payment forms.

      stealerallcome

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks