Overview

overview

10

Static

static

3

36a71a4842...JC.exe

windows7-x64

10

36a71a4842...JC.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    36a71a48427f8bexeexe_JC.exe

  • Size

    637KB

  • Sample

    230715-mb9gzshe99

  • MD5

    36a71a48427f8bf7b4979cab316e2d48

  • SHA1

    22a66919a0bde6e2f73c76e359ede9d9d82f54cd

  • SHA256

    d07239e5e3f3bf63e5a3572474cf37ead1cf07b39ad987bfa62244e06b283a38

  • SHA512

    bfa5a55d2c84ea3f67fd2c8dfbbea638ea064a0c98caa0d7fe61cee0f516c2ff34c68bad41105ea3e6e83dcd251b0ef231134a16409e80ddadfdd362409a8768

  • SSDEEP

    12288:KRRKP9QGX9rYFCLYo9S/hf5PSpvuUOh+7t7vOA:KRguGqFCYXapvQh2/

Score
10/10
evasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      36a71a48427f8bexeexe_JC.exe

    • Size

      637KB

    • MD5

      36a71a48427f8bf7b4979cab316e2d48

    • SHA1

      22a66919a0bde6e2f73c76e359ede9d9d82f54cd

    • SHA256

      d07239e5e3f3bf63e5a3572474cf37ead1cf07b39ad987bfa62244e06b283a38

    • SHA512

      bfa5a55d2c84ea3f67fd2c8dfbbea638ea064a0c98caa0d7fe61cee0f516c2ff34c68bad41105ea3e6e83dcd251b0ef231134a16409e80ddadfdd362409a8768

    • SSDEEP

      12288:KRRKP9QGX9rYFCLYo9S/hf5PSpvuUOh+7t7vOA:KRguGqFCYXapvQh2/

    Score
    10/10
    evasionpersistencespywarestealertrojan

    • Modifies visibility of file extensions in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks