Analysis
- max time kernel: 30s
- max time network: 43s
- platform: windows10-2004_x64
- resource: win10v2004-20230621-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-06-2023 22:56
Behavioral tasks
All 32 tasks ran on resource win10v2004-20230621-en. Sample paths are relative to BruteForcers PACK/BruteForcers PACK/.
- behavioral1: All Mail Brute/All Mail Brute.exe
- behavioral2: All Mail Brute/MailSoft/Launcher.exe
- behavioral3: All Mail Brute/MailSoft/ssleay32.exe
- behavioral4: BTC BRUTE CHECKER 3.1/Bitcoin Brute Checker 3.1.exe
- behavioral5: BTC BRUTE CHECKER 3.1/dllsys/Launcher.exe
- behavioral6: BTC BRUTE CHECKER 3.1/dllsys/bchainHost.exe
- behavioral7: Brute Force SEO EVO2/EVO2.exe
- behavioral8: Brute Force SEO EVO2/library/Launcher.exe
- behavioral9: Cracked Amazon Brute By JLXP Crew/Amazon Brute By Erganto.exe
- behavioral10: Cracked Amazon Brute By JLXP Crew/procs/Launcher.exe
- behavioral11: Cracked Amazon Brute By JLXP Crew/procs/dllx32.exe
- behavioral12: ExpressVPN Brute Checker By ACTEAM/ExpressVPN Brute Checker By ACTEAM.exe
- behavioral13: ExpressVPN Brute Checker By ACTEAM/forms/Launcher.exe
- behavioral14: ExpressVPN Brute Checker By ACTEAM/forms/viewsource.exe
- behavioral15: FortNite Brute Checker 1 0 0 - Cracked By PC-RET/FortNite [Brute.exe
- behavioral16: FortNite Brute Checker 1 0 0 - Cracked By PC-RET/procs/Launcher.exe
- behavioral17: FortNite Brute Checker 1 0 0 - Cracked By PC-RET/procs/RLSettings.exe
- behavioral18: Instagram Brute Checker By Draingrom/Instagram Brute.exe
- behavioral19: Instagram Brute Checker By Draingrom/settings/Launcher.exe
- behavioral20: Instagram Brute Checker By Draingrom/settings/xmt.exe
- behavioral21: PORNHUB BRUTER CHECKER 2022/DATA/Launcher.exe
- behavioral22: PORNHUB BRUTER CHECKER 2022/DATA/xpti.exe
- behavioral23: PORNHUB BRUTER CHECKER 2022/PORNHUB BRUTER.exe
- behavioral24: PSN-brutechecker-by-Bax77 pcrt/PSN v4.3 [PC-RET] Crack.exe
- behavioral25: PSN-brutechecker-by-Bax77 pcrt/psn/Launcher.exe
- behavioral26: PSN-brutechecker-by-Bax77 pcrt/psn/PCRET.exe
- behavioral27: Psn Bruteforcer & Checker/PSN_Bruteforce.exe
- behavioral28: Psn Bruteforcer & Checker/db/Launcher.exe
- behavioral29: Psn Bruteforcer & Checker/db/psnsys.exe
- behavioral30: Spotify Brute Checker By ACTEAM/Spotify Brute Checker By ACTEAM.exe
- behavioral31: Spotify Brute Checker By ACTEAM/WebDriver/Launcher.exe
- behavioral32: Spotify Brute Checker By ACTEAM/WebDriver/nvml.exe
General
- Target: BruteForcers PACK/BruteForcers PACK/BTC BRUTE CHECKER 3.1/dllsys/bchainHost.exe
- Size: 523KB
- MD5: b2c404ca1131f26172840d5a8ebe057d
- SHA1: 4e9c9722d3516212cde254a812e4c653756ab643
- SHA256: e45b782daa60730a5d52bb4c59856e98fb073ecd7b5dc47eeeecd2c7fe46e9c1
- SHA512: e4dc9ff863b75a298a1e139feabd1455aec0f822def9811e7fc814474e7b15637f17febc2f3c1af17933d29756c69d5cf38a1ce3a2aa4ea0989afa7b850d1e1d
- SSDEEP: 12288:m0v0okAQh7/ojoRgLwAQh7nQf+rEA2oYpB+BKVRoJbVaJup:R+DojfK8f+rEA2jpeVVaJu
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  Processes: bchainHost.exe (PID 5052), observed twice
- Suspicious use of SetThreadContext (1 IoC)
  Processes: bchainHost.exe (PID 4856) set thread context of bchainHost.exe (PID 5052)
- Program crash (1 IoC)
  Processes: WerFault.exe (PID 4980), target process bchainHost.exe (PID 5052)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: bchainHost.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Suspicious behavior: MapViewOfSection (1 IoC)
  Processes: bchainHost.exe (PID 4856)
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: bchainHost.exe (PID 4856) wrote to memory of bchainHost.exe (PID 5052), 4 times
Processes
- C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\BTC BRUTE CHECKER 3.1\dllsys\bchainHost.exe (PID 4856)
  Command line: "C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\BTC BRUTE CHECKER 3.1\dllsys\bchainHost.exe"
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\BTC BRUTE CHECKER 3.1\dllsys\bchainHost.exe (PID 5052, child of 4856)
    Command line: "C:\Users\Admin\AppData\Local\Temp\BruteForcers PACK\BruteForcers PACK\BTC BRUTE CHECKER 3.1\dllsys\bchainHost.exe"
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Enumerates system info in registry
    - C:\Windows\SysWOW64\WerFault.exe (PID 4980)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 1692
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5052 -ip 5052
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads (memory dumps)
- memory/4856-133-0x00000000003C0000-0x0000000000448000-memory.dmp (544KB)
- memory/4856-134-0x0000000004DE0000-0x0000000004DF0000-memory.dmp (64KB)
- memory/4856-139-0x0000000002750000-0x0000000002753000-memory.dmp (12KB)
- memory/5052-135-0x0000000000400000-0x000000000045D000-memory.dmp (372KB)
- memory/5052-137-0x0000000000400000-0x000000000045D000-memory.dmp (372KB)
- memory/5052-138-0x0000000000400000-0x000000000045D000-memory.dmp (372KB)
- memory/5052-140-0x0000000000400000-0x000000000045D000-memory.dmp (372KB)
- memory/5052-141-0x0000000000400000-0x000000000045D000-memory.dmp (372KB)
- memory/5052-142-0x0000000000F40000-0x0000000000F41000-memory.dmp (4KB)