General

  • Target

    ByfronBypass.exe

  • Size

    8.2MB

  • Sample

    240603-h777kshb53

  • MD5

    e7aeebf0ef64508ddbf4abb6495875be

  • SHA1

    66b8010109b697bda7fd7e4f88dbbe0d05bda727

  • SHA256

    f8368df1d256b451ce7bc5b8a3e3209d6731afbae00b9f26178bebf7ee323b56

  • SHA512

    558e25a673bd9d31f5a1e302de3a93aeed4f86d8a39887246dfadada28a6953d0bd4788a799f82c19f9b75d1cbcd29c90db08ae8785d0ce152e4eca7e478cdc8

  • SSDEEP

    196608:crgm7EzLuLjv+bhqNVoB8Ck5c7GpNlpq41J2ySEcbk9qtlDfqWl:ozL+9qz88Ck+7q3p91JmcqfqWl

Malware Config

Targets

    • Target

      ByfronBypass.exe

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks