General

  • Target: backscraper.img.zip
  • Size: 527KB
  • Sample: 230324-ng5awsga51
  • MD5: 403abf9198972d61e96a887fb027a431
  • SHA1: 521a10c2cf8b54343d6505c2fdf3f2dde7db9002
  • SHA256: 466cf0832a24b9a900aa36431f7fd69647c172c1c8054e233c473e83e50aa18f
  • SHA512: 577399b386e34cb26b8a9925fd373d898ddbefdfababcd099d3d7d55a04bd1b5e474633db55cb54a75c16b831fa293bb6662ba4c76d4c4bf01687e29b5b75fe8
  • SSDEEP: 12288:8jNm7xY41hx1BDcAv7NFANjbsDk+iXNEa5di5AOq1vr1p:8sxY4PxTDcADN6Px7NVdaAOq1vr3

Score
7/10

Malware Config

Targets

    • Target: GlyceriaHaberdine/possessinglyBingee.jpeg
    • Size: 71KB
    • MD5: d8733bc8f61d6db050a024b6f9c99588
    • SHA1: a96d53152d25338fee6a582b072587e75654dde9
    • SHA256: 535b013dc73d5191b5fbf48c0050960baf499ce8dd2df4f6838bf17672afb753
    • SHA512: ad4a7a9fa397b5aaae5c9ed8e934776e31f1c98a3db58e53831da6ff4a069d778e4b931e93155b47e3e81a73e592ccc48167cdd485e31f8a0e7f3c7c3404b70d
    • SSDEEP: 1536:5tFojEsI1ulFWIZW/9YzqaW1fZfPs/EHcf8ZXKRW8NR8ClI:FaEst29YpchfE/EHc4X6W8j8aI

    Score
    3/10

    • Target: MainprizerMisapprehendSeastrand.lnk
    • Size: 1KB
    • MD5: 4a70fe97d9d875088349804a02ce13d9
    • SHA1: 2aec9bfc67be00cbf17194c4c4b414ea3259ce94
    • SHA256: f2b77f5f16c71f007c234447ea1f9c976f84ab01080af3b1c4c4219fa7b287f8
    • SHA512: 65b58c1d56c72519179ebce43532aa2fba6e75babd91fc2e04de45e27f3c35a2f71646f9bd6234bb921acf4a337697426d3049f75e234b7e6d77cafc2bfe6786

    Score
    3/10

    • Target: StanesBeseeches/Inquisitorially.cmd
    • Size: 740B
    • MD5: d83d6ffcd16cbcd4870671952976fda8
    • SHA1: c0f7e6f54c94579518567032d1f4eed04955ba2d
    • SHA256: 1fb1db9d2e48ed64b4fe840d2e54095638cb424cfc4d325c2ad4cb910eadc287
    • SHA512: 7908f22f6dc1f4f977bcc92c901ba64fab7b31bd3eb74d58e2a0dd0dc2e7ef7cdfa3fbf017f7f04105ed637f489cb896a1b09003a2a198be16ae812b5e359377

    Score
    7/10

    • Executes dropped EXE

    • Target: StanesBeseeches/Pseudoconhydrine.jpeg
    • Size: 78KB
    • MD5: 5881ee2e28cef6740d54a91440635418
    • SHA1: afab673fa3d08dc2233de3252f6bb4d43aec501f
    • SHA256: b6b5c4cd67b2f09b41b8ee05268669d9e8866db852442678820c12e11635f4fa
    • SHA512: 2f4e03684a514b8dbda694e56173ec973e9770ffa00bbbf1b9c4eac79d26772083a6cd9dd13cc0fb8f09ea0e8ad345514cf97aeb8c99a8482d3c86f94b06ec75
    • SSDEEP: 1536:80Kf42e0LjLZ4bjUHz5L1YVcNkKzfh/W+SyVm6aNyK0jwJ:2f4r0L3YUHh1YVcNkGxA7b0jwJ

    Score
    3/10

    • Target: chuhraFondled/longeveEctocondyle/UndersortPodalgia.wsf
    • Size: 308KB
    • MD5: 1dcf754fad54c2b87a00606217d004db
    • SHA1: a10b9e0d84058df4c8e61f9ec9a9a453640e9f60
    • SHA256: 1b6f1d744c48df52231fe303f3c2911b3daf8b6e849d026916ced7e98948b946
    • SHA512: 311d63d4c3cc24607380c93b4828d6bfa99ba981e598c4e5ce996c462a9eb90ca0f132687888045754a18a982cfb9ae3101737cdee52a21bae942c07f2a3e2c9
    • SSDEEP: 6144:sU+pm3bu/2htEx/ooE1XRiXIJ4H/qYCWsh96bioMUv/76BPBoLFFaZDe9tNBq:sU+OZtJ4XIPcuozrzCf

    Score
    7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Detected potential entity reuse from brand microsoft.

    • Target: chuhraFondled/longeveEctocondyle/glycuresisPortionable.exe
    • Size: 283KB
    • MD5: 8a2122e8162dbef04694b9c3e0b6cdee
    • SHA1: f1efb0fddc156e4c61c5f78a54700e4e7984d55d
    • SHA256: b99d61d874728edc0918ca0eb10eab93d381e7367e377406e65963366c874450
    • SHA512: 99e784141193275d4364ba1b8762b07cc150ca3cb7e9aa1d4386ba1fa87e073d0500e61572f8d1b071f2faa2a51bb123e12d9d07054b59a1a2fd768ad9f24397
    • SSDEEP: 6144:k4WA1B9BxDfQWKORSqY4zOcmpdlc3gJdmtolSm:H1BhkWvSqY4zvmjOwJIT

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), count 1
  • Discovery: System Information Discovery (T1082), count 7
  • Discovery: Query Registry (T1012), count 2