General

  • Target

    daa3d19ac59afd1c71a73f797cb4ad16

  • Size

    6.1MB

  • Sample

    240321-elpassbd94

  • MD5

    daa3d19ac59afd1c71a73f797cb4ad16

  • SHA1

    91667bff312db7b2574fcf29deb88565709c2cab

  • SHA256

    43358b1bf2342e4c45179ffe1eba80b41fe64ca7aba3cf0e551f5ceada787b59

  • SHA512

    d5c8c901b670b62a3d028499c3630cc9f3c225b5e218060d0cb84da1f8fdbc134386bb97ca0659df728ce9de5b03297af600a0dcf4f51a5a5e1173545d867810

  • SSDEEP

    98304:reM1elPegcj48i8SdZORYXyMTf16EqWpe7eIwaPPwKiiZwx+BynxSUDnNdsCR:xegg248iOO1dEEiZA+BEHfR

Malware Config

Targets

    • Target

      daa3d19ac59afd1c71a73f797cb4ad16

    • Size

      6.1MB

    • MD5

      daa3d19ac59afd1c71a73f797cb4ad16

    • SHA1

      91667bff312db7b2574fcf29deb88565709c2cab

    • SHA256

      43358b1bf2342e4c45179ffe1eba80b41fe64ca7aba3cf0e551f5ceada787b59

    • SHA512

      d5c8c901b670b62a3d028499c3630cc9f3c225b5e218060d0cb84da1f8fdbc134386bb97ca0659df728ce9de5b03297af600a0dcf4f51a5a5e1173545d867810

    • SSDEEP

      98304:reM1elPegcj48i8SdZORYXyMTf16EqWpe7eIwaPPwKiiZwx+BynxSUDnNdsCR:xegg248iOO1dEEiZA+BEHfR

    • Score

      3/10

    • Target

      $PLUGINSDIR/Gossiper.exe

    • Size

      5.1MB

    • MD5

      1c89e1b7b17c0ada4b6dfe347493a835

    • SHA1

      1215b533ec5b67d23cd59551da50658b5d5e6288

    • SHA256

      250d3b191f5a723fc9b045fbb9b89c747cade393d85705966f8cec58e6373a00

    • SHA512

      1b9bcd900ed17e3441c9691c85483c5d82809c009da01ba74e8f6f8dd3da3d06fd0949f7d4fc6dcbbc3aeedb10d495e5699faa14b802ae4f5fad2167f35bf77a

    • SSDEEP

      98304:LnREBoBGZxci3pItnmLufTzki76yvdvwwWcUCTivQI7qQ9l7f1FzbQt:LkoBGTNSQOzv5vccHT27TlvG

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      325b008aec81e5aaa57096f05d4212b5

    • SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

    • SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    • SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    • SSDEEP

      192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo

    • Score

      3/10

    • Target

      $PLUGINSDIR/MobilewitchAcPro.exe

    • Size

      566KB

    • MD5

      9c4e9c3250820793320da7f10b71870d

    • SHA1

      06a06f2d716f773089455613e14f6757d06c60f5

    • SHA256

      f814fb9389012186ee85a6bb613f03f5fb5646b1faac33a755122dfecb0beb40

    • SHA512

      3a3daee92d59bedc78622940bfa72025ca3244ef3564349711b1117f631667e92136a562f83994075bd9e908e534abb2217dff8601dcfc94bd64a2cf52e32259

    • SSDEEP

      12288:mna9iuosHV56Tot2CIVgurymne2Q42l1/6tU4fi5roERzj6w:mnak6bswOeSYR6lUdVuw

    • Score

      7/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    • Score

      3/10

    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      e541458cfe66ef95ffbea40eaaa07289

    • SHA1

      caec1233f841ee72004231a3027b13cdeb13274c

    • SHA256

      3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420

    • SHA512

      0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

    • SSDEEP

      384:b1JO6XgZkjxm+NpXaWgzxUX//EUhU7ya4LQ0Ac9khYLMkIX0+GBty3Sm0:b+6Xgsm+NpKWgzxUXnEUhUua4Li70

    • Score

      3/10

    • Target

      BitComet Ultra Accelerator.exe

    • Size

      254KB

    • MD5

      1a17c74fce35c4a46805b2b78de949c9

    • SHA1

      9bb14dcc5f0123ef899959ef94b6cde83ed1c164

    • SHA256

      5b50257e8875e7cb4938659fd3da2f2ba02463c463bdcdc22a2e7af3cdc18d4e

    • SHA512

      ca4a806953aa06d2c441aa72376fbb5286330c87d3da0333de20d04696b1c729787ce51b67ee421d19fa0c061353c64befd96205daa76801be0fb9208cbca393

    • SSDEEP

      6144:qOgpNJOUNZNmZ813b1AZ08LdaCvWdZBUb:AhNyZ813buvLMCvAZBW

    • Score

      7/10

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      SkinMagic.dll

    • Size

      338KB

    • MD5

      717c74d999f9181cba5ded8586837a59

    • SHA1

      4cc576ceb443cfa47a4f51cbc1bb4ff8ccc58909

    • SHA256

      ceb7619f16a1a45e1ae13feceee5c7229ee105466dc949e5decad67640e2743d

    • SHA512

      253fd81e29e377ce92b3e58a3d1ac6f1789a571945e33d655ae4f8136f9328abe6e6607fdc379250c94c5113a7a312349fdc604cfb05ac1a560a2b589a6b49a6

    • SSDEEP

      6144:mK5lbvKUX/qfBeFuGnJY2SSJPdfe1CDihWhBvlhrUyRZWLqd8xMA:jTKUXiZ222S+P01CDDnrUyRo2d8x5

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks