General

  • Target

    Grenam.A VIRUS.zip

  • Size

    824KB

  • Sample

    230711-3kr73acb7v

  • MD5

    cb673e27fa71459413bb3b4d2242c9ec

  • SHA1

    0696b3bf1a6397fa3d8325ced7824afed5c29fdb

  • SHA256

    ef19308899acb1d1369a1e5982ee8b0d3be4fc4e47c1aed0c073dee4bbf0a4ab

  • SHA512

    d253c5b623e4dea92f68fa21248101ea8bfc2b517331cd10b72027cebb761a03f6e44300744c496625b6974cb9f1f0ec6c9e565a263948f11d63dd209d8410f2

  • SSDEEP

    12288:g77uUONqHdL1IaJbankHuewkg8BmmNffbBeED1Oh+OhOhgRzmmNyjOju:SuUSebIAmnkHuSUYfsEo8OSYyjOa

Targets

    • Target

      180ef49f592f7400b4a35a0eec277ffc86e2407f551d2cb4ec6b7f1ce6747366.exe

    • Size

      521KB

    • MD5

      b23c10cade6cbd03e5772e3313dc687e

    • SHA1

      f8bde06ce8b3afa727887b1b398c1a837d3c8def

    • SHA256

      180ef49f592f7400b4a35a0eec277ffc86e2407f551d2cb4ec6b7f1ce6747366

    • SHA512

      108c162ba4bdd2d74e39a707ef7ead6ef2923a70fa4bc2decc94c2e3f83394eecaafaedb220e1f2db2640af0b6112205c97514c78463c28935bb91ea5e73c5e6

    • SSDEEP

      12288:HrMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUx9Vx:pZyCA8CBmn+RrNj9ay5Ix

    • Score

      4/10

    • Target

      705ebd6fe046aa7bdfe6e803a3051f430a77f9827e3848a0df89ac89f130d0ad.exe

    • Size

      523KB

    • MD5

      00266d4709ff7c1eef25d8afef56eff0

    • SHA1

      833121a3211e15b8c9583ed237eeb8b7e3e7b66c

    • SHA256

      705ebd6fe046aa7bdfe6e803a3051f430a77f9827e3848a0df89ac89f130d0ad

    • SHA512

      10f2dbee3eded3a011067ac29052b683a380c09694c8251c92f2909bcd6df225bb445e9fc188cfa460f4d6d6927661fa9c2a2ef3347913a1a9d0cc9f8b9db3bc

    • SSDEEP

      12288:HrMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUxjVD:pZyCA8CBmn+RrNj9ay5GD

    • Creates new service(s)

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

    • Target

      b5af22c2ab1f2daadeec7fea1ea08e8063afa1156147e98c2ed89ebc59f2a275.exe

    • Size

      521KB

    • MD5

      3a87bc1cb1f4af7604c75c3356a9a590

    • SHA1

      b180816389cf421da00339bce71472d4d6a11c3a

    • SHA256

      b5af22c2ab1f2daadeec7fea1ea08e8063afa1156147e98c2ed89ebc59f2a275

    • SHA512

      c09b8f7a0527504da6239bb7cf5d6553a41a1d0bbf7808e546050471c3ef629773f9312ffab903a2e58fa454fc82865c569f9be64b0523de7e1260905ce4a00c

    • SSDEEP

      12288:orMIztyCK5x8CBmn+RrNbEyWYa0Ie1vUx9V/:yZyCA8CBmn+RrNj9ay5I/

    • Score

      4/10
