Overview

overview

10

Static

static

10

Ro-Byfron-1.0.exe

windows7-x64

1

Ro-Byfron-1.0.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ro-Byfron-1.0.exe

  • Size

    2.2MB

  • Sample

    240329-am58gsdb32

  • MD5

    2d1ee30378ae7634acc1b4558cfc170d

  • SHA1

    8442725a2528e8bb849110987580ca9c110b379b

  • SHA256

    8f6787371c660aa144c6521491afe4bc05252874c623cec155dac5dae9777ca9

  • SHA512

    733786a5968e5e552fe18d199424992d745408bac2f206bbc3ea7a8ac4589eeb67e47ff0941c3389691edd1286b5007b629024f1bc1a88e0a0f62f0f48459785

  • SSDEEP

    24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtW:PBozBdhEV7q8bOQnIFWY+3Je0w+

Score
10/10
invictastealerdiscoveryspywarestealer

Malware Config

Targets

    • Target

      Ro-Byfron-1.0.exe

    • Size

      2.2MB

    • MD5

      2d1ee30378ae7634acc1b4558cfc170d

    • SHA1

      8442725a2528e8bb849110987580ca9c110b379b

    • SHA256

      8f6787371c660aa144c6521491afe4bc05252874c623cec155dac5dae9777ca9

    • SHA512

      733786a5968e5e552fe18d199424992d745408bac2f206bbc3ea7a8ac4589eeb67e47ff0941c3389691edd1286b5007b629024f1bc1a88e0a0f62f0f48459785

    • SSDEEP

      24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtW:PBozBdhEV7q8bOQnIFWY+3Je0w+

    Score
    7/10
    discoveryspywarestealer

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks