Overview

overview

8

Static

static

1

bud (1).png

windows11-21h2-x64

8

Resubmissions

07-05-2024 10:10

240507-l7pxsabf9w 8

07-05-2024 10:10

240507-l7hhpsec62 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bud (1).png

  • Size

    124KB

  • Sample

    240507-l7pxsabf9w

  • MD5

    1de0f4db82d6b977b0e97340e11061ce

  • SHA1

    47f35fa29eb686490f62f572bb4f653c5b8d4e05

  • SHA256

    bcb884b484ef39ef21f2cb590f6814fc0cdc69dcde6c4f8c4337cd4d05aae024

  • SHA512

    25821c56ecfcd9a9bcb32d423fc9c5ca1b76c4ad9519985c29e04b1b3fef5c07ddeafb427e63b530c0db5ba719e47f60283f96655ff77904b9a64ebbe9242eed

  • SSDEEP

    3072:Gt8GjQoUdksCQbR9ZBIdHFvpVIopFXB+OqU7fgk:Gt82UvC0BIdHFIonwOq2ok

Score
8/10
adwarediscoveryevasionexecutionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      bud (1).png

    • Size

      124KB

    • MD5

      1de0f4db82d6b977b0e97340e11061ce

    • SHA1

      47f35fa29eb686490f62f572bb4f653c5b8d4e05

    • SHA256

      bcb884b484ef39ef21f2cb590f6814fc0cdc69dcde6c4f8c4337cd4d05aae024

    • SHA512

      25821c56ecfcd9a9bcb32d423fc9c5ca1b76c4ad9519985c29e04b1b3fef5c07ddeafb427e63b530c0db5ba719e47f60283f96655ff77904b9a64ebbe9242eed

    • SSDEEP

      3072:Gt8GjQoUdksCQbR9ZBIdHFvpVIopFXB+OqU7fgk:Gt82UvC0BIdHFIonwOq2ok

    Score
    8/10
    adwarediscoveryevasionexecutionpersistencespywarestealertrojan

    • Creates new service(s)

      persistenceexecution

    • Drops file in Drivers directory

    • Registers new Print Monitor

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Browser Extensions

1
T1176

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

2
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

5
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Peripheral Device Discovery

2
T1120

Process Discovery

1
T1057

Query Registry

6
T1012

Software Discovery

1
T1518

Security Software Discovery

1
T1518.001

System Information Discovery

6
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks