Overview

overview

7

Static

static

7

app.apk

android-9-x86

5

app.apk

android-10-x64

5

app.apk

android-11-x64

4

CordovaSMS.js

windows7-x64

1

CordovaSMS.js

windows10-2004-x64

1

SMSReceive.js

windows7-x64

1

SMSReceive.js

windows10-2004-x64

1

account.html

windows7-x64

1

account.html

windows10-2004-x64

1

add_new_address.html

windows7-x64

1

add_new_address.html

windows10-2004-x64

1

affinbank.html

windows7-x64

1

affinbank.html

windows10-2004-x64

1

agro.html

windows7-x64

1

agro.html

windows10-2004-x64

1

alliance.html

windows7-x64

1

alliance.html

windows10-2004-x64

1

ambank.html

windows7-x64

1

ambank.html

windows10-2004-x64

1

app.js

windows7-x64

1

app.js

windows10-2004-x64

1

au_anz.html

windows7-x64

1

au_anz.html

windows10-2004-x64

1

au_bankwest.html

windows7-x64

1

au_bankwest.html

windows10-2004-x64

1

au_bau.html

windows7-x64

1

au_bau.html

windows10-2004-x64

1

au_bendigo.html

windows7-x64

1

au_bendigo.html

windows10-2004-x64

1

au_beyondau.html

windows7-x64

1

au_beyondau.html

windows10-2004-x64

1

au_boq.html

windows7-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    01/11/2023, 09:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ambank.html

  • Size

    4KB

  • MD5

    f31dc5927824b27b973b4e67ed3bdbe7

  • SHA1

    56d87c59722d31498d35e9ec7d6624d789e02fcf

  • SHA256

    225f2950373ed6b9e73c075f931f4ee9223d165a83c25d3cf73270988d26ec55

  • SHA512

    dbab62e5fc2e96125e653fdbbc810b420c42de4cd0db8d4ddcb3417440148ba508bac36f3224055eaccc27813a769563df1dba0e58f5be4622e644828c513d23

  • SSDEEP

    96:pox0VOs+U5kiVaTg7VqcfFeg7Z8Toh4m1RtFDjoh4m1RF79FF/No9JH:KA5kiQg7Q9g7ZUi4mZZji4mN9LNo9JH

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ambank.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d82283485356321e43c970f253ec6a5

    SHA1

    dc79e71e05ff3d942209feb417495ff6cb832a6b

    SHA256

    4cb275f2196c18511c42234ae9189fda9ffecf933a04521d1d6aaa57d71e895b

    SHA512

    deaf0d8b704656e5c3bf144dde25f19cf62426461fccdf45f736d3d870df9d8e1784c96c5ece09c9de681dc09b49b882b89177ba8f9d0154140ffeadc87d3c41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f83ed85bc8e15703330fa339bfab7f6

    SHA1

    afb5b5c85a7551807914192b7f9d4e7cd89844ea

    SHA256

    c3a784c06089571a8389cff0dc13117ad50209f5d7416034936499165b5f997d

    SHA512

    70dfd9a62bf4f25ab4ff4f505cab49caf2169266772167bc6f4deba13519343a8cbfafbe127fa31146c26c6a7990b96b2600398fc17c65625c542380aeb3efa4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8a90c38cd725fcc80c02f462d207ed46

    SHA1

    46795d7aefe02989c9ae5b72085e8f598e50a4b8

    SHA256

    3dc1b1656112e1553c3014b7fc950eef0dbc22bfa7e2672c8e140c1b730e4629

    SHA512

    01f16cb39fba9e56dbef636a7d67c7377f3bfbd334e47e22ba0f04fbed8f308d95b3b006c5fa14d9940aa5b8b88c69c708ce33e51ee419f9bead597fcc5c6f53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    076e4a1332c8b1991e5d5ea3b7bd1c14

    SHA1

    4f57aab1fbfd7a9eadffee60a5743045ac002843

    SHA256

    c110e239b18f96271f1779220f4a2f0c42158501976b6b8a86a0ad3fead8a158

    SHA512

    d5550c2790b32196607951dff7be6f5fb687f1b2ba0cc169a66ffd27dc3b9af538077cd8036ce596bdf1880b1c91ca5f01f2935b66b87c0a36a4009ef6553fec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23b8cf745e2290ab9b0e41ba7f95ce6c

    SHA1

    2c25fb1cc5bf586718d9ccca37eb80f62cf50d72

    SHA256

    b16fcc7a379522f31972ed36ddaa572a2403c9e95fd3e71ddf08d5df1ab23ddd

    SHA512

    85405be3469c343416383936a72de52f70415dcb648af60a3d45b3c991c71d89605c7de603ad9182ee4a4a8a339d3a3d2c4e988c1282e536ace053c29a06a189

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6d38c2f2f285bf0a74b06ac04ae2be8b

    SHA1

    295063ab492a9e2b6600f6ad61b893922dd30c80

    SHA256

    dc6ea1f855b733be7d1b2966085be298b73c547207351a2cf7f95f474f14c194

    SHA512

    3bba122d1b0de76c385b8b96f16856744618e7aaae625637eef82de45724821267a43cd426119e85f9e424c0687bfbddceba8097fd8539de1c9c6df8530cfaed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c43e6caf6c468d16697e7b65164f0165

    SHA1

    54dc39c55caa1794bf919b1172e2083d6e26002e

    SHA256

    290571699d6d3e1b9a400c58d0b9ddb28c81bf0c001f381c997f5c258a673a73

    SHA512

    eb8ccacd96a18bc638b3fc9428180431b797a2317c6108e9bef11c3e04825b1b457794874c540b6a45c29e41047d23eefa5e07acc027d5ce86db772770709fe3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFB24.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFB75.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit