Overview

overview

8

Static

static

3

MalwareByt...es.exe

windows7-x64

8

MalwareByt...es.exe

windows10-2004-x64

8

MalwareByt..._2.exe

windows7-x64

8

MalwareByt..._2.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MalwareBytes_420_siz_1_original.7z

  • Size

    136.9MB

  • Sample

    230316-2vxd4adc27

  • MD5

    45b2d329cfac37669e3f73a322737645

  • SHA1

    86c57cc069d92318e5d21736b5a466fbca9eb0f8

  • SHA256

    fa4b889544cc05775420aeecc3a7881ff2edd6215d73d11b336203415dcd579a

  • SHA512

    a4862a581734168ec2c2ff20080d3e227a38ee5135c092a651ab42f635fd672e12580c44139f7235104481ec488239346722b0e18dadeb0684de52967bae7db8

  • SSDEEP

    3145728:OFPekzElcW3HBTW7K0DaiHV7d5R7WzG6491MDORH51GnUTxy:QPeKElcW5WTN2zG1MDmH5qUTxy

Score
8/10
discoverypersistencepyinstallerspywarestealer

Malware Config

Targets

    • Target

      MalwareBytes_420_siz_1_original/LicenseMalwareBytes.exe

    • Size

      7.9MB

    • MD5

      487901443f9e51ad732b1cd856b03c69

    • SHA1

      4b3d2e271666fe17ef7e9db34743babf814abae8

    • SHA256

      2de955cb5926261634ce51565e5cc9fd52ebccd9c3b7f8b5dd1db369cb1f9731

    • SHA512

      72d81ee6a62059eaa0a3ab9f4d0a5e489d039ef263cb8af66840a386d52e8a6c11b3377f247bb50cae3915155cad7699e568642d27174913a4f05ca8df7c5928

    • SSDEEP

      196608:JWCfUgRrs7TpVVuWJysVYvsOgtdIQLOMIdiwoEbPva8Mho:TfDRrG8WJvtaL/dNDvba

    Score
    8/10

    • Drops file in Drivers directory

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      MalwareBytes_420_siz_1_original/setup_patch_2.exe

    • Size

      173.2MB

    • MD5

      cd534e752847f28c6a77db887ba9a552

    • SHA1

      ed7ecf4efcf342daeb54159fe99ecbaa2dc182e4

    • SHA256

      621e00927d53c57ae9ce96dfa1902efece5c9df9dee956e1f443bc07896afa10

    • SHA512

      2e1ff63ac1de34fac2ac39b98c698e4e9c6d6e5850a111847e8d470a47e4494795d92312b9e5f110719d6f2092a37d9ec4cd712ce384c093d7c6715c6c23d63e

    • SSDEEP

      3145728:eNuKwAjg9p/y+ELRZ2T0014OLdqIcYKf2ToiKYNK9p/y+ELRZ2Ts1hYCKy:eIKwAj6y5aSZIcMToBYN4y5a4YCKy

    Score
    8/10
    discoverypersistencespywarestealer

    • Drops file in Drivers directory

    • Sets service image path in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks