Overview

overview

8

Static

static

7

41033e4baa...e0.exe

windows7-x64

8

41033e4baa...e0.exe

windows10-2004-x64

8

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$TEMP/BroomSetup.exe

windows7-x64

7

$TEMP/BroomSetup.exe

windows10-2004-x64

7

$TEMP/syncUpd.exe

windows7-x64

8

$TEMP/syncUpd.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41033e4baaf4d0de22e736c67f4c7ea7a57c145bcf16cf9360b30a49739334e0

  • Size

    1.8MB

  • Sample

    240305-myh9badh96

  • MD5

    6c60e89e9a2bd99018da4930811f5f17

  • SHA1

    6bbf67b1133ad3e97268c6b49c81b5c87d56d22c

  • SHA256

    41033e4baaf4d0de22e736c67f4c7ea7a57c145bcf16cf9360b30a49739334e0

  • SHA512

    bd288744433405b6760676c82b3efbb163508506c1645b8b07102738f8f02a3b8fc0420fc22da3a74354e6af3be7d79c5e7df511983913c1912d73cdbc8b833e

  • SSDEEP

    49152:tIiiK2S7ndMn8Oj/xNzvaT55ItITY2DV1ttwyNrDI:qiiK2Ina8Oz/mT55IIF1ttwyNrDI

Score
8/10
discoveryspywarestealerupx

Malware Config

Targets

    • Target

      41033e4baaf4d0de22e736c67f4c7ea7a57c145bcf16cf9360b30a49739334e0

    • Size

      1.8MB

    • MD5

      6c60e89e9a2bd99018da4930811f5f17

    • SHA1

      6bbf67b1133ad3e97268c6b49c81b5c87d56d22c

    • SHA256

      41033e4baaf4d0de22e736c67f4c7ea7a57c145bcf16cf9360b30a49739334e0

    • SHA512

      bd288744433405b6760676c82b3efbb163508506c1645b8b07102738f8f02a3b8fc0420fc22da3a74354e6af3be7d79c5e7df511983913c1912d73cdbc8b833e

    • SSDEEP

      49152:tIiiK2S7ndMn8Oj/xNzvaT55ItITY2DV1ttwyNrDI:qiiK2Ina8Oz/mT55IIF1ttwyNrDI

    Score
    8/10
    discoveryspywarestealerupx

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/INetC.dll

    • Size

      21KB

    • MD5

      2b342079303895c50af8040a91f30f71

    • SHA1

      b11335e1cb8356d9c337cb89fe81d669a69de17e

    • SHA256

      2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f

    • SHA512

      550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47

    • SSDEEP

      384:KOoVVefeWsI7rsIquPLNN546o0Ac9khYLMkIX0+Gzyekv:4VVaeE7wIqyJN5i

    Score
    3/10
    behavioral3behavioral4

    • Target

      $TEMP/BroomSetup.exe

    • Size

      1.7MB

    • MD5

      eee5ddcffbed16222cac0a1b4e2e466e

    • SHA1

      28b40c88b8ea50b0782e2bcbb4cc0f411035f3d5

    • SHA256

      2a40e5dccc7526c4982334941c90f95374460e2a816e84e724e98c4d52ae8c54

    • SHA512

      8f88901f3ebd425818db09f268df19ccf8a755603f04e9481bcf02b112a84393f8a900ead77f8f971bfa33fd9fa5636b7494aaee864a0fb04e3273911a4216dc

    • SSDEEP

      49152:YUnaQiKJ8N+AadA6mICFhNGffVCPi9NUko6jE:ZwKa+u6mICFSwPKDK

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5behavioral6

    • Target

      $TEMP/syncUpd.exe

    • Size

      223KB

    • MD5

      4798812066cbae4409c74a92f61d89be

    • SHA1

      f22ae1face4df9e4ab6445a6e43eedd12c8af868

    • SHA256

      17102324a533f9666f6d2a9a9269807f9b49591a20ff7fd4045c43b432ac0079

    • SHA512

      e55b78580a1aa1ab9e262ddb57ae95759d459ab75db99459882a22f05310e2e53131f05e0f110ed0cf2056b18f8671272eabda5cbd21667cd51be5754e4c3e56

    • SSDEEP

      3072:dlprK266lvWQLu0HAm3RwHRMAbMKjjBSNljGHQJq5JE:z6cuQLu0HuH+i9jjGjnG

    Score
    8/10
    discoveryspywarestealer

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks