Overview

overview

8

Static

static

7

OperaGXSetup.exe

windows7-x64

8

OperaGXSetup.exe

windows10-2004-x64

8

out.exe

windows7-x64

out.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OperaGXSetup.exe

  • Size

    3.4MB

  • Sample

    230331-zdndradc26

  • MD5

    8167c12849ea1a38a97a0e5d2e131d22

  • SHA1

    378fcf0e368925a97e0b97548103e62e78f668de

  • SHA256

    9ea864181b2d4409ce2d80fe22f242790e904db23f2151a05209c947d9ec59e1

  • SHA512

    6a60ffd0ec1a8b6363ba72ad2c138d24298e44ffa8169824d153b326d43cc33d6dae927ba15799c017e4df80d8a665727bd4af7ae7c7c04ab367d8523b2b6b6c

  • SSDEEP

    98304:qPxoH1bw2wniA9q7hbBLKeqV9PdDOAz9ulhDAtmLPUFOOY961QdOjcXSnoJm:qJcb+Zq7hbyVbPtmhOGOtp

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Targets

    • Target

      OperaGXSetup.exe

    • Size

      3.4MB

    • MD5

      8167c12849ea1a38a97a0e5d2e131d22

    • SHA1

      378fcf0e368925a97e0b97548103e62e78f668de

    • SHA256

      9ea864181b2d4409ce2d80fe22f242790e904db23f2151a05209c947d9ec59e1

    • SHA512

      6a60ffd0ec1a8b6363ba72ad2c138d24298e44ffa8169824d153b326d43cc33d6dae927ba15799c017e4df80d8a665727bd4af7ae7c7c04ab367d8523b2b6b6c

    • SSDEEP

      98304:qPxoH1bw2wniA9q7hbBLKeqV9PdDOAz9ulhDAtmLPUFOOY961QdOjcXSnoJm:qJcb+Zq7hbyVbPtmhOGOtp

    Score
    8/10
    persistencespywarestealerupxdiscovery

    • Downloads MZ/PE file

    • Uses Session Manager for persistence

      Creates Session Manager registry key to run executable early in system boot.

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

    • Target

      out.upx

    • Size

      5.8MB

    • MD5

      d22b17f9663b3b987d0e235c786ac6e0

    • SHA1

      48ed5316c2a6d2a2a8d48e967cf6b3487211de76

    • SHA256

      fd0a8814b4eba8d5edbee25ab2211a764b2bc5bf4bd1a6fa06dc509368a1b1a0

    • SHA512

      26372bbe59c54e5d034b2c633842b0105ff6fa7d71ca03abc40ffd70fd01a6f9f575fdab1d8d3f73e801671a29c5096a9610d58560e8166e8edf5948d3a60e6c

    • SSDEEP

      98304:RvO6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwM:EXTU+sdgPLKfm32OFqJ4+gcygc8JjYpU

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Registry Run Keys / Startup Folder

3
T1060

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Install Root Certificate

1
T1130

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

6
T1012

System Information Discovery

6
T1082

Peripheral Device Discovery

2
T1120

Process Discovery

1
T1057

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks