Resubmissions
29-03-2024 00:20  240329-amqg2acd8z  score 10
29-03-2024 00:16  240329-aksvdacd4y  score 10
29-03-2024 00:12  240329-ahhavsda23  score 10

Analysis
Max time kernel: 150s
Max time network: 152s
Platform: windows10-2004_x64
Resource: win10v2004-20240226-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 29-03-2024 00:16
Behavioral task
behavioral1
Sample: Ro-Byfron-1.0.exe
Resource: win7-20231129-en
General
Target: Ro-Byfron-1.0.exe
Size: 2.2MB
MD5: 2d1ee30378ae7634acc1b4558cfc170d
SHA1: 8442725a2528e8bb849110987580ca9c110b379b
SHA256: 8f6787371c660aa144c6521491afe4bc05252874c623cec155dac5dae9777ca9
SHA512: 733786a5968e5e552fe18d199424992d745408bac2f206bbc3ea7a8ac4589eeb67e47ff0941c3389691edd1286b5007b629024f1bc1a88e0a0f62f0f48459785
SSDEEP: 24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtW:PBozBdhEV7q8bOQnIFWY+3Je0w+
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system.
- Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  Network flow 5: ipinfo.io
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
C:\Users\Admin\AppData\Local\Temp\_W0_wE0_aE0_pE0_GB_{9bd3d403-d4fc-11ee-87a6-806e6f6e6963}_PpwmZduQjr.zip
Filesize: 1.0MB
MD5: c394e4090216a0923f5106822a22842d
SHA1: 0af842e01a7da589eaca95322bd20895b6a1d88c
SHA256: b8c8d145b0b14c3451739a779c9ca8a6d4c4ff6f3856cb9f3604b10835e738dc
SHA512: 8aa481cbab7676ce56ebd9853f348cf7930c56eacff5b42cec9ce5db035cc84b5b31a22196c3c8cfb7089fadfcd9e078ddc30ba35def2f9f285178081a3be4ab
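Triage helper added to this report page as a worked example; it is not Tria.ge code and nothing in it comes from the sample. It turns the report's indicators (the sample and dropped-archive SHA-256s, the ipinfo.io lookup, the Uninstall key enumeration, browser profile reads, physical drive access, and the dropped archive name in %TEMP%) into rules and runs them over host telemetry. The telemetry format (`kind|image|detail`) and every log line in SAMPLE_LOG are constructed for illustration. Two assumptions are labelled in the code: the GUID and 10-character suffix in the archive name are taken to vary per host, so only the fixed prefix is matched, and the browser file names (Login Data, key4.db and friends) are the usual Chromium/Firefox profile files, which the report does not list.

```python
"""Match the indicators from this sandbox report against host telemetry.

Added example for this page; not Tria.ge code and not derived from the sample.
Telemetry lines below are constructed ("kind|image|detail") for illustration.
"""
import hashlib
import re
from collections import defaultdict

# SHA-256 values copied from the report (sample and the archive it dropped).
SAMPLE_SHA256 = "8f6787371c660aa144c6521491afe4bc05252874c623cec155dac5dae9777ca9"
DROPPED_ZIP_SHA256 = "b8c8d145b0b14c3451739a779c9ca8a6d4c4ff6f3856cb9f3604b10835e738dc"
KNOWN_SHA256 = {
    SAMPLE_SHA256: "Ro-Byfron-1.0.exe (sample)",
    DROPPED_ZIP_SHA256: "dropped staging archive (.zip)",
}

# (report signature name, telemetry kind, regex over the event detail)
RULES = [
    ("Looks up external IP address via web service", "dns",
     re.compile(r"^(?:[\w-]+\.)*ipinfo\.io$", re.I)),
    ("Checks installed software on the system", "reg",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I)),
    # Assumption: common Chromium/Firefox profile files; the report names none.
    ("Reads user/profile data of web browsers", "file",
     re.compile(r"\\(?:Login Data|Cookies|Web Data|History|logins\.json|key4\.db|cookies\.sqlite)$", re.I)),
    ("Enumerates physical storage devices", "file",
     re.compile(r"^\\\\[.?]\\(?:PhysicalDrive\d+|CdRom\d+)$", re.I)),
    # Assumption: the GUID and the 10-char suffix vary per host, so only the
    # fixed prefix of the dropped archive's name is matched.
    ("Drops staging archive in %TEMP%", "file",
     re.compile(r"\\AppData\\Local\\Temp\\_W0_wE0_aE0_pE0_GB_\{[0-9a-f-]{36}\}_[A-Za-z0-9]+\.zip$", re.I)),
]

# Constructed telemetry, not taken from the sandbox run. Lines starting with '#'
# are comments; fields are kind|image|detail.
SAMPLE_LOG = r"""
# kind|image|detail
dns|C:\Users\Admin\Desktop\Ro-Byfron-1.0.exe|ipinfo.io
reg|C:\Users\Admin\Desktop\Ro-Byfron-1.0.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
reg|C:\Users\Admin\Desktop\Ro-Byfron-1.0.exe|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
file|C:\Users\Admin\Desktop\Ro-Byfron-1.0.exe|C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data
file|C:\Users\Admin\Desktop\Ro-Byfron-1.0.exe|\\.\PhysicalDrive0
file|C:\Users\Admin\Desktop\Ro-Byfron-1.0.exe|C:\Users\Admin\AppData\Local\Temp\_W0_wE0_aE0_pE0_GB_{9bd3d403-d4fc-11ee-87a6-806e6f6e6963}_PpwmZduQjr.zip
dns|C:\Windows\System32\svchost.exe|ctldl.windowsupdate.com
reg|C:\Program Files\7-Zip\7zFM.exe|HKCU\Software\7-Zip\FM
"""


def parse_event(line):
    """Split one 'kind|image|detail' line; the detail may itself contain '|'."""
    kind, image, detail = line.split("|", 2)
    return kind.strip().lower(), image.strip(), detail.strip()


def triage(log_text):
    """Return {image: sorted report signatures whose rule matched that image}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        kind, image, detail = parse_event(line)
        for name, rule_kind, pattern in RULES:
            if kind == rule_kind and pattern.search(detail):
                hits[image].add(name)
    return {image: sorted(names) for image, names in hits.items()}


def lookup_sha256(hexdigest):
    """Label a SHA-256 using the report's values, or None if it is not listed."""
    return KNOWN_SHA256.get(hexdigest.strip().lower())


def sha256_of(path, chunk=1 << 20):
    """Hash a file on disk so it can be checked with lookup_sha256()."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    for image, names in triage(SAMPLE_LOG).items():
        print(image)
        for name in names:
            print("  -", name)
    print(lookup_sha256(SAMPLE_SHA256))
```

On the constructed log the only image that fires is Ro-Byfron-1.0.exe, with all five rules; the svchost.exe DNS query and the 7-Zip registry read are deliberately included as benign traffic that must not match. Matching on the ipinfo.io lookup alone is weak (plenty of legitimate software does it), which is why the report counts it as an IoC rather than a TTP; the combination with Uninstall-key enumeration, browser profile reads and a freshly written archive under %TEMP% is what makes the pattern worth alerting on.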