General

  • Target

    89f0c6ffc7531b39e8dc89190173bdb2

  • Size

    995KB

  • Sample

    240202-tgsjzscbgp

  • MD5

    89f0c6ffc7531b39e8dc89190173bdb2

  • SHA1

    42a726ab2878d646f6420791ce6e6efc08489ab1

  • SHA256

    e925af5484de2082877c7f275e2095e22a45f2de07d4f7bbc315b7e74a132051

  • SHA512

    7a485fe9a96017432c15ac8264a6b28f66407298ef2c496fc8c0ca5bcbef7a189b98c999ab95d1f097a752b345f93c4e593a8a30396337512e9bec73009be84b

  • SSDEEP

    24576:mME3Vqj9yNeV+HDsTk26x6vwNA8MBfWMG3qbvKq+P4PdPR:pueWD37NAVQ10ZvPdPR

Malware Config

Targets

    • Target

      89f0c6ffc7531b39e8dc89190173bdb2

    • Size

      995KB

    • MD5

      89f0c6ffc7531b39e8dc89190173bdb2

    • SHA1

      42a726ab2878d646f6420791ce6e6efc08489ab1

    • SHA256

      e925af5484de2082877c7f275e2095e22a45f2de07d4f7bbc315b7e74a132051

    • SHA512

      7a485fe9a96017432c15ac8264a6b28f66407298ef2c496fc8c0ca5bcbef7a189b98c999ab95d1f097a752b345f93c4e593a8a30396337512e9bec73009be84b

    • SSDEEP

      24576:mME3Vqj9yNeV+HDsTk26x6vwNA8MBfWMG3qbvKq+P4PdPR:pueWD37NAVQ10ZvPdPR

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      0dc0cc7a6d9db685bf05a7e5f3ea4781

    • SHA1

      5d8b6268eeec9d8d904bc9d988a4b588b392213f

    • SHA256

      8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    • SHA512

      814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    • SSDEEP

      192:n6d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jPK72dwF7dBEnbok:n6UdHXcIiY535zBt2jP+BEnbo

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      32KB

    • MD5

      83142eac84475f4ca889c73f10d9c179

    • SHA1

      dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    • SHA256

      ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    • SHA512

      1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    • SSDEEP

      384:3rYz6grZodORNWATt4TBmlk5ooyzFh7BukAUdJoUtSOSR:3QggDWATWNCFh7BNddJoxO+

    Score
    3/10
    • Target

      $PLUGINSDIR/nsUnzip.dll

    • Size

      146KB

    • MD5

      4f53c88fdeb35a868f8aacc745a0a092

    • SHA1

      698e8bc6ec6c78bce7392a52ff4958bbc2099eb2

    • SHA256

      45de189f4e7bc73149cf6a6fc672eb053d561c514a82b4751e64c96125c7f693

    • SHA512

      c9bb539844a719ff8c65822c3c27b8edec46b510055fc2c6d0014219f414df11e77d44fcf44826d520e1d1f730afc85381d4279f9a15320e277bf5804984aa5b

    • SSDEEP

      3072:WbopEqCiDI9YRvpCVd7VN6BAmcxawmtvvhNdzdc/eMk54iyWH4Ptb1:Wk3FDZRvpKZkzhNdzd2eMk54v1

    Score
    3/10
    • Target

      $PROFILE/AppData/LocalLow/bbrs_002.tb/content/jquery4toolbar.js

    • Size

      167KB

    • MD5

      224c257265b43f4b4e5ebe21e7575dbe

    • SHA1

      4a7990cfea863655aca06e4c7ee708a0641d4e35

    • SHA256

      a63ca336dd561218555d730194dae3b778212d41bc3c164232f5cf627702f90a

    • SHA512

      9559e1c7db6402b2803d953ddadf49195785a642cd9849d8caf3333ee829d6a9e3ee3037234b83a8a2d4fd35eaec346bf313f22874a33d6bf5690fe1ec52cdec

    • SSDEEP

      1536:yYDDw2Swpcrqa6iEU9aCQ6nHxgzEoRx05do2TVGEIgQesjTzXjk5XtzQtal1cuMn:yH2krqa6iEULQ6nUEoD05dQTyjLiP

    Score
    1/10
    • Target

      $PROFILE/AppData/LocalLow/bbrs_002.tb/content/lock.js

    • Size

      27B

    • MD5

      02469e8f69f26729bf7373aaf83e7687

    • SHA1

      cee5b53a1b7f93986b9d336ea43e640da532eba6

    • SHA256

      86b85ba075a4af0c0ba4496484f0dd335e4abcb6782495dd0fb936bcf26b5c4f

    • SHA512

      45b75dd965ac95768aaed7bf7ac6e5317bd5ebbfdfde4920930e8258529b25979c0f335f335053538ad0d3940203694f8cde2dc71b57e0ad60adad65f5d763ec

    Score
    1/10
    • Target

      $PROFILE/AppData/LocalLow/bbrs_002.tb/content/witapi.js

    • Size

      44KB

    • MD5

      933ed0c2d0ebfb440f960c0b634f118e

    • SHA1

      93cf55c13c5ad52efe439d65bbb10919dd78b984

    • SHA256

      081a2cb1d175780144e0975aeed79accb4b17a2967927c6c60f5f47c9068f05e

    • SHA512

      e90baaf158d567a1fb1063de64ed2063de0529b2eef8730395fb160fd432a60424be313785f7c9e0570c250aa2940d49bf0eea6db58a9690355a200993c58ae0

    • SSDEEP

      768:XgyR5Tw2t8nAbqn/i9VQL9wJQxNkFSmmKHAAl+F1t/7Zn4P78F:wx2t8Abqn/i9VQL9wJQxNkFSmmKH9P7Q

    Score
    1/10
    • Target

      $PROFILE/AppData/LocalLow/bbrs_002.tb/content/witmain.js

    • Size

      639B

    • MD5

      b439d8a43de897b9121e5aa78ab3247c

    • SHA1

      cfe8b92498a2e94c9a796f1f6631f05513238136

    • SHA256

      4dde7a7fdf44587952f96b1b2b4cbbd60f674ee73ea9ad625c0851d88053d027

    • SHA512

      1abed7c9de3652a8e22b9f3fd0df06fce87929eee6ecf425bf1e7278bc86aa7f9d1a1ad02fb9ddf0cab13f67d59ff01a3ed0d6567c52941d1eff6e069aab0551

    Score
    1/10
    • Target

      $PROFILE/AppData/LocalLow/bbrs_002.tb/content/wittoolbar.js

    • Size

      2KB

    • MD5

      cda5b2727e277b095e1c802930ab9a78

    • SHA1

      16898837afad35f9ea3cdb203b3881a1f1cc14b0

    • SHA256

      1f4f851573263382105e35dc1c32014357ea8a5d48a2d3f97e568393ac17307f

    • SHA512

      353175636f3ae56ae97f0587c4f8b819e2ae290594982bbd2a514fe7f702570b506b9d774a7627de57f9c480f80d54a4c48f845330a7a1008fb03edb55f1bf3b

    Score
    1/10
    • Target

      $PROFILE/AppData/LocalLow/bbrs_002.tb/content/witwidgetapi.js

    • Size

      2KB

    • MD5

      df23ea1e7c384f733d24f0cca6ae4f0f

    • SHA1

      e732744cbaa4a94b5af57c1db8ff25407558a769

    • SHA256

      3e62184902e6fd85ba0e06aa3aa0d345d4bb2d517fb3985eaea997f26cd5acdb

    • SHA512

      f3945ed027f88a3f6b272228a60f5926b73c52366d633718d1bdf6de143cc657d6148ea03b9f616748fcdd18345604fea7d5840000a3ce4ecbe346172b4c74ed

    Score
    1/10
    • Target

      chrome/content/bubble.js

    • Size

      1KB

    • MD5

      e3cf4b651109156221e2072f83be5aa2

    • SHA1

      be06675125c178e3ff2fd78cf57f3d643bec5cc4

    • SHA256

      73cde6a7691f5155a6ea9f8076dda8d00c3c62764331be13ec3ec6053d0c9f84

    • SHA512

      976007787974080f6b30763f61b63c6212b4ca2a234e4f6d52a529c154a8325e7619160f108641e39ae7b405cfe203a092cf4fcdb72252cfa61e8a9afaf93dce

    Score
    1/10
    • Target

      chrome/content/jquery4toolbar.js

    • Size

      167KB

    • MD5

      224c257265b43f4b4e5ebe21e7575dbe

    • SHA1

      4a7990cfea863655aca06e4c7ee708a0641d4e35

    • SHA256

      a63ca336dd561218555d730194dae3b778212d41bc3c164232f5cf627702f90a

    • SHA512

      9559e1c7db6402b2803d953ddadf49195785a642cd9849d8caf3333ee829d6a9e3ee3037234b83a8a2d4fd35eaec346bf313f22874a33d6bf5690fe1ec52cdec

    • SSDEEP

      1536:yYDDw2Swpcrqa6iEU9aCQ6nHxgzEoRx05do2TVGEIgQesjTzXjk5XtzQtal1cuMn:yH2krqa6iEULQ6nUEoD05dQTyjLiP

    Score
    1/10
    • Target

      chrome/content/lock.js

    • Size

      27B

    • MD5

      02469e8f69f26729bf7373aaf83e7687

    • SHA1

      cee5b53a1b7f93986b9d336ea43e640da532eba6

    • SHA256

      86b85ba075a4af0c0ba4496484f0dd335e4abcb6782495dd0fb936bcf26b5c4f

    • SHA512

      45b75dd965ac95768aaed7bf7ac6e5317bd5ebbfdfde4920930e8258529b25979c0f335f335053538ad0d3940203694f8cde2dc71b57e0ad60adad65f5d763ec

    Score
    1/10
    • Target

      chrome/content/witapi.js

    • Size

      39KB

    • MD5

      bc4e4cb58f1bf5e82c08a2778e8bae2e

    • SHA1

      4a0925750d7a0ea9a86d16a56ff96885fb83d9a0

    • SHA256

      79799582d21e9a72b03fe0298626b9b2d04c71aaa5a9cd8a022848ad0dadc0cc

    • SHA512

      cf9de60c2b92f028b355256d05302f8d29f4033861396467746fc58448f2cbb6a02682040a6aafce8bf2e24110832e9dc8991957781784741e3d57e57cd7ef87

    • SSDEEP

      384:AuBJ7B229eTup5BmtCwW2ad85C7s6cOadYccf8jH27FzeAxLdZ/GMdAqB:Ay7Bqup5AtCwW2ad8MxQ0mH4FiRwxB

    Score
    1/10
    • Target

      chrome/content/witmain.js

    • Size

      639B

    • MD5

      b439d8a43de897b9121e5aa78ab3247c

    • SHA1

      cfe8b92498a2e94c9a796f1f6631f05513238136

    • SHA256

      4dde7a7fdf44587952f96b1b2b4cbbd60f674ee73ea9ad625c0851d88053d027

    • SHA512

      1abed7c9de3652a8e22b9f3fd0df06fce87929eee6ecf425bf1e7278bc86aa7f9d1a1ad02fb9ddf0cab13f67d59ff01a3ed0d6567c52941d1eff6e069aab0551

    Score
    1/10
    • Target

      chrome/content/wittoolbar.js

    • Size

      2KB

    • MD5

      cda5b2727e277b095e1c802930ab9a78

    • SHA1

      16898837afad35f9ea3cdb203b3881a1f1cc14b0

    • SHA256

      1f4f851573263382105e35dc1c32014357ea8a5d48a2d3f97e568393ac17307f

    • SHA512

      353175636f3ae56ae97f0587c4f8b819e2ae290594982bbd2a514fe7f702570b506b9d774a7627de57f9c480f80d54a4c48f845330a7a1008fb03edb55f1bf3b

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

adwarediscoverypersistencespywarestealer
Score
7/10

behavioral2

adwarediscoverypersistencespywarestealer
Score
7/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10