General

  • Target

    ccleaner_pro_6.09.10300.exe

  • Size

    52.7MB

  • Sample

    240222-w3ax6sea93

  • MD5

    8ab7b57c3562c6a49ced96a51a84bdc0

  • SHA1

    9f506f3255cb86bf3b1491b046e32e0e4e103c15

  • SHA256

    3c0186b73c42ce88cd6124dc54333f70fb7235b35bc32a6b57a8c9c7fca63b2c

  • SHA512

    1874414476cb775a99acbb25f9d7b76f482f6b740425d0d2fefa22470fbdda11af9fb9a6a7a0c3f2dc5f5e13afff22bd5c0001df1b479a0ae243c698a74e2daf

  • SSDEEP

    1572864:4oDnYAR5MPNAOwmzPPU961KXHAGY0tDZCISMa1RVG:jrxRyPNNhzPc961+AGFmRBfG

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks