8f81ea0123f8a57b0ee28606fdef3989d569e51a872fe3689c1a7fd43a954a54

Sharing

Copy URL

Twitter E-mail

General

Target

Browser Extension.zip
Size

2.4MB
Sample

230704-q5a33adf43
MD5

9ac72a24c3b755663bf953de372d378a
SHA1

51231b027a58ed0b03c565539581c8db160d7f58
SHA256

8f81ea0123f8a57b0ee28606fdef3989d569e51a872fe3689c1a7fd43a954a54
SHA512

c79bad52717619e85f3bae406325cb1925cc3dd382e91941bfa87e2433a81ed7c55d3b29c9a88ff421ab830aca8c323f12dc1ef3b047195cb39da52c7527cea5
SSDEEP

49152:KOkzwyJrtgpx44pByohGnB9BMSE+D4vumAFhLYJM7bO:K3kyJJQLplQ9BMSEVGmAFhLpHO

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  Browser Extension/.updates/Upgrade/BESetupv1.20.113.19494_Upgrade.msi
- Size
  
  2.3MB
- MD5
  
  72a2efb3d3f2336e49a26405eb290749
- SHA1
  
  97799d342986df235075d0e96239a1094570c36e
- SHA256
  
  75e8b623c5f0927755bdeda2311f04e0721580018b043fe85a290dbd8d587fad
- SHA512
  
  3edb29d81bc0ec5a6d60f7fcd2116f276e7491eada6d0168bbd3769992835f460d3734c11c336df93f750420fa246b36254e026f92fccf14ec04953cc34c9d43
- SSDEEP
  
  49152:7//YW5T68otYLN4SFvr/7RaUAHXGQt56YK1JeXl2aZjMIoDqc1IgkLLIZ:DY/oZAaeLMInSIgULi
Score

8^/10

persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Browser Extension/BrowserExtension.dll
- Size
  
  825KB
- MD5
  
  e0089559b90d69a30f59a7276d760932
- SHA1
  
  c7777017cff3cab69dd3688b895a55a33a68022d
- SHA256
  
  1fc90216a0d6148772c36e352202ad260b2b66d01e0448e67865dbf346f454c9
- SHA512
  
  5f0dbeb7ce3cb2ea7d2773baa1ceac054f54a9578b1c690d106f3b9a3c0bd8c1f2944feca9699783c5c7869201711bfc10d244158cc6c12195cd3296efbc3f03
- SSDEEP
  
  12288:kmRJhYX2wbaFdo+KDOq+jzi/+xG0XFveY8YI9u2XQt4hP:kmR3Yed/zqp/+xPXFvXb2XeSP
Score

1^/10
behavioral3 behavioral4
- Target
  
  Browser Extension/SafeBrowsingExtension/js/bg.js
- Size
  
  81KB
- MD5
  
  383bb75eba30b37858f54a1b5ca7e7f9
- SHA1
  
  36720aa19a6b920da04516344bffa0797679363e
- SHA256
  
  d15c657be2a669738e2f33ba0b87a8b456c2a168d63f7db29aba83bae870b937
- SHA512
  
  6b7730ada9647116a18069f5945f89981ac01bdd64c273a53357a9539130b6b93c5d3a120336b5f14858e2fe7a6d37ea315b23ed2d00627bb3a778fb6f1b8366
- SSDEEP
  
  1536:RnMEuERG+3C3Dq2G2k68byuLsWMIFwFZaCOM3DaV:nRh3CTqNHWt3a74A
Score

1^/10
behavioral5 behavioral6
- Target
  
  Browser Extension/SafeBrowsingExtension/js/contentscript.js
- Size
  
  27KB
- MD5
  
  c2e9402c866cb0e3dce84c9fbfea80f3
- SHA1
  
  a5ba2f4ce8cca79d776b79eec413e22d983d9649
- SHA256
  
  18b5d01371b9d75f1dd703c334677d8857afeb18c8af84cc449e4ff12865c924
- SHA512
  
  d6782fae9d6fb7c9eb19a9e94749e75cf8b4f9911721ed01e0ff3325b9d276bd7e783ad21a135ffcda8120407b9935d24ecd8954c9f72f9ab078a3365e83abb3
- SSDEEP
  
  384:/yVvOqQaUOh+Af6N+J7OkKq9SPVPb/iJjLKpRadbfS+Gckvbj98tEcrcVzhn7Shf:FO6tRb/XpROFQTj95wuRSyrgDoqF
Score

1^/10
behavioral7 behavioral8
- Target
  
  Browser Extension/SafeBrowsingExtension/js/contentscript2.js
- Size
  
  20KB
- MD5
  
  9d9f99cc7ce8efda7e2b245c784d6a79
- SHA1
  
  02a767733a6cfb957b6f3b48e67c1f5e69460751
- SHA256
  
  71b3e9de0eab0e21901651b95b5e5a2f15f29793f6cc747a22d42cff615603d2
- SHA512
  
  da4cacadb7823d3aa5bd7e4d67149a2f1121afb237bceba63dc14dfab95409f419880ae16fa2b0fa2ca3f5970850b7c4724c5d7e51e501a0c379ef22d23887e1
- SSDEEP
  
  384:iyklNXLjeDdzIVPl9I1o1CnD5KZXLjEwEbiGgDo2QJnYzZ5IlBYos/J/zvVIdGjW:0XLjlZXLjElLU7DrIlEB/zvVIojNih8m
Score

1^/10
behavioral10 behavioral9
- Target
  
  Browser Extension/SafeBrowsingExtensionEdge/js/bg.js
- Size
  
  81KB
- MD5
  
  383bb75eba30b37858f54a1b5ca7e7f9
- SHA1
  
  36720aa19a6b920da04516344bffa0797679363e
- SHA256
  
  d15c657be2a669738e2f33ba0b87a8b456c2a168d63f7db29aba83bae870b937
- SHA512
  
  6b7730ada9647116a18069f5945f89981ac01bdd64c273a53357a9539130b6b93c5d3a120336b5f14858e2fe7a6d37ea315b23ed2d00627bb3a778fb6f1b8366
- SSDEEP
  
  1536:RnMEuERG+3C3Dq2G2k68byuLsWMIFwFZaCOM3DaV:nRh3CTqNHWt3a74A
Score

1^/10
behavioral11 behavioral12
- Target
  
  Browser Extension/SafeBrowsingExtensionEdge/js/contentscript.js
- Size
  
  27KB
- MD5
  
  c2e9402c866cb0e3dce84c9fbfea80f3
- SHA1
  
  a5ba2f4ce8cca79d776b79eec413e22d983d9649
- SHA256
  
  18b5d01371b9d75f1dd703c334677d8857afeb18c8af84cc449e4ff12865c924
- SHA512
  
  d6782fae9d6fb7c9eb19a9e94749e75cf8b4f9911721ed01e0ff3325b9d276bd7e783ad21a135ffcda8120407b9935d24ecd8954c9f72f9ab078a3365e83abb3
- SSDEEP
  
  384:/yVvOqQaUOh+Af6N+J7OkKq9SPVPb/iJjLKpRadbfS+Gckvbj98tEcrcVzhn7Shf:FO6tRb/XpROFQTj95wuRSyrgDoqF
Score

1^/10
behavioral13 behavioral14
- Target
  
  Browser Extension/SafeBrowsingExtensionEdge/js/contentscript2.js
- Size
  
  20KB
- MD5
  
  9d9f99cc7ce8efda7e2b245c784d6a79
- SHA1
  
  02a767733a6cfb957b6f3b48e67c1f5e69460751
- SHA256
  
  71b3e9de0eab0e21901651b95b5e5a2f15f29793f6cc747a22d42cff615603d2
- SHA512
  
  da4cacadb7823d3aa5bd7e4d67149a2f1121afb237bceba63dc14dfab95409f419880ae16fa2b0fa2ca3f5970850b7c4724c5d7e51e501a0c379ef22d23887e1
- SSDEEP
  
  384:iyklNXLjeDdzIVPl9I1o1CnD5KZXLjEwEbiGgDo2QJnYzZ5IlBYos/J/zvVIdGjW:0XLjlZXLjElLU7DrIlEB/zvVIojNih8m
Score

1^/10
behavioral15 behavioral16
- Target
  
  Browser Extension/updater.exe
- Size
  
  882KB
- MD5
  
  f291f31c5d9bdb1a41d4ec4c68660880
- SHA1
  
  f75a5609335e0ce1e823379c66633a94aa0589c8
- SHA256
  
  4c8d8122000d5df76d0922290d471356e6929e5118518e19110c944667421765
- SHA512
  
  f27f91d328e9f01cf33795bb7f0ee4683c6d385f588647af1b13606c525a69342dfa5133e55cf4485a67a32ab80984c4d83a73290f834d57b8f984a627cbcb8d
- SSDEEP
  
  12288:ZurjZeiIdqWKFQvjawfhVw5YJ91pK2wT1F6tVWEWvlxjn3NrABHB/5j3S+ochRzR:uhSvuKapI1S+NRzJbxiL8FgW7Z/l
Score

8^/10

persistence
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral17 behavioral18

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Blocklisted process makes network request

Adds Run key to start application

Enumerates connected drives

Checks computer location settings

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18