General

  • Target

    20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe

  • Size

    5.8MB

  • Sample

    240604-bgd3gsfg5w

  • MD5

    60feb08011db31607cee2a5bc1f2206f

  • SHA1

    f8f680a3a8ca7eb2058eebdf2f25a95904780988

  • SHA256

    20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2

  • SHA512

    71db5d12fd3717085b67fe93b671e0f5f7124e1cc3141197572666bc2f914c9b67ba661d49007ea05c7b0cf05345e376ec3894af6696d120957dbb6ce32d3a87

  • SSDEEP

    98304:49Aqm4Riz+Hbw3PR/eqltg9yLcYGgtf2euoelboe2u+8zBfjjGMfLrmdxiW4KTmA:lqxRii7AoyLVG8XuoelbT2+bK2rmdADK

Targets

    • Target

      20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2.exe

    • Size

      5.8MB

    • MD5

      60feb08011db31607cee2a5bc1f2206f

    • SHA1

      f8f680a3a8ca7eb2058eebdf2f25a95904780988

    • SHA256

      20a6c6e35c32583f23b8701d14233fccec6fc68d6fc78dcffbb4da1c53b6b9d2

    • SHA512

      71db5d12fd3717085b67fe93b671e0f5f7124e1cc3141197572666bc2f914c9b67ba661d49007ea05c7b0cf05345e376ec3894af6696d120957dbb6ce32d3a87

    • SSDEEP

      98304:49Aqm4Riz+Hbw3PR/eqltg9yLcYGgtf2euoelboe2u+8zBfjjGMfLrmdxiW4KTmA:lqxRii7AoyLVG8XuoelbT2+bK2rmdADK

    • Detects binaries and memory artifacts referencing sandbox DLLs typically observed in sandbox evasion

    • Detects executables referencing many IR and analysis tools

    • Detects executables referencing sandbox artifacts

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments: the manufacturer and product strings stored there reveal hypervisors such as VMware, VirtualBox or QEMU.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (run only in, or refuse to run in, particular countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill form data.

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. A raw write to the first disk sector is what triggers this signature; verify the written bytes actually replace boot code before treating the sample as a bootkit. Among the dropped components, only $PLUGINSDIR/Midex.dll carries this signature on its own.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Target

      $PLUGINSDIR/JsisPlugins.dll

    • Size

      2.1MB

    • MD5

      bd94620c8a3496f0922d7a443c750047

    • SHA1

      23c4cb2b4d5f5256e76e54969e7e352263abf057

    • SHA256

      c0af9e25c35650f43de4e8a57bb89d43099beead4ca6af6be846319ff84d7644

    • SHA512

      954006d27ed365fdf54327d64f05b950c2f0881e395257b87ba8e4cc608ec4771deb490d57dc988571a2e66f730e04e8fe16f356a06070abda1de9f3b0c3da68

    • SSDEEP

      49152:MWUF3+DvlxaVlUj2UxF9TWkWbQWxACvRG+OZ1m/I31he2UaIyuKs:MtF3+DLaVlUFWkWbQWx1JtOLm/IgaI/

    Score
    3/10
    • Target

      $PLUGINSDIR/Midex.dll

    • Size

      126KB

    • MD5

      581c4a0b8de60868b89074fe94eb27b9

    • SHA1

      70b8bdfddb08164f9d52033305d535b7db2599f6

    • SHA256

      b13c23af49da0a21959e564cbca8e6b94c181c5eeb95150b29c94ff6afb8f9dd

    • SHA512

      94290e72871c622fc32e9661719066bafb9b393e10ed397cae8a6f0c8be6ed0df88e5414f39bc528bf9a81980bdcb621745b6c712f4878f0447595cec59ee33d

    • SSDEEP

      3072:WACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazGd:WACUTz1JlopG5K4OZgeC

    Score
    6/10
    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target

      $PLUGINSDIR/jsis.dll

    • Size

      127KB

    • MD5

      4b27df9758c01833e92c51c24ce9e1d5

    • SHA1

      c3e227564de6808e542d2a91bbc70653cf88d040

    • SHA256

      d37408f77b7a4e7c60800b6d60c47305b487e8e21c82a416784864bd9f26e7bb

    • SHA512

      666f1b99d65169ec5b8bc41cdbbc5fe06bcb9872b7d628cb5ece051630a38678291ddc84862101c727f386c75b750c067177e6e67c1f69ab9f5c2e24367659f4

    • SSDEEP

      3072:J3Zk9fOAewM0+W8NVH28fB948igEWo8P+fidXs:J3qNOApM1G8fBpidWZ

    Score
    3/10
    • Target

      $PLUGINSDIR/nsJSON.dll

    • Size

      36KB

    • MD5

      ddb56a646aea54615b29ce7df8cd31b8

    • SHA1

      0ea1a1528faafd930ddceb226d9deaf4fa53c8b2

    • SHA256

      07e602c54086a8fa111f83a38c2f3ee239f49328990212c2b3a295fade2b5069

    • SHA512

      5d5d6ee7ac7454a72059be736ec8da82572f56e86454c5cbfe26e7956752b6df845a6b0fada76d92473033ca68cd9f87c8e60ac664320b015bb352915abe33c8

    • SSDEEP

      768:k1vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRpUYiiiSlAMxkE:k1bYPHqu7EUhL27bTU7bix

    Score
    3/10
    • Target

      $_106_

    • Size

      6.4MB

    • MD5

      f40c5626532c77b9b4a6bb384db48bbe

    • SHA1

      d3124b356f6495288fc7ff1785b1932636ba92d3

    • SHA256

      e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f

    • SHA512

      8eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056

    • SSDEEP

      98304:aTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwLtwFkVg:aTvkTLVTAudcoJheBnknfFrqNXleb

    Score
    1/10
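The $PLUGINSDIR/ paths and the nsJSON.dll plugin show that the sample is an NSIS installer, so the signatures above mix installer-plugin activity with whatever the installed payload does. Each registry-related signature name corresponds to a well-known Windows key, and the three "Detects executables referencing ..." signatures are static string matches. The script below is an added example by the editor, not code from the sandbox vendor or from the sample: it maps procmon-style operation records (a constructed CSV, not the real run) onto the report's signature names and checks a byte blob for the sandbox DLL and analysis tool names such signatures look for. The key-to-signature mapping, the log column layout and the name lists are the editor's assumptions, not the sandbox's actual rule set.

```python
"""Classify monitored registry/file operations and embedded strings against the
behaviour signature names used in the report.  Editor-added example; the
path-to-signature mapping below is assumed, not the sandbox's own rules."""
import csv
import io
import re
from collections import defaultdict

# Hive aliases collapse to one spelling so patterns match whatever the monitor emits.
_HIVES = {
    "HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU",
    "HKEY_CLASSES_ROOT": "HKCR", "HKEY_USERS": "HKU",
    "\\REGISTRY\\MACHINE": "HKLM", "\\REGISTRY\\USER": "HKU",
}

def normalize_path(path):
    """Return the path with its hive prefix shortened (HKEY_LOCAL_MACHINE -> HKLM)."""
    p = path.strip().replace("/", "\\")
    upper = p.upper()
    for long, short in _HIVES.items():
        if upper.startswith(long):
            return short + p[len(long):]
    return p

READ = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}
WRITE = {"RegCreateKey", "RegSetValue", "WriteFile"}
USER = r"(?:HKCU|HKU\\[^\\]+)"          # HKCU, or HKU\<SID> as seen from kernel-side monitors

# (signature name, qualifying operations, path regex) -- assumed mapping to the
# well-known key each signature name refers to.
SIGNATURES = [(name, ops, re.compile(rx, re.I)) for name, ops, rx in [
    ("Checks BIOS information in registry", READ,
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(?:BIOS\\|SystemBiosVersion)"),
    ("Checks system information in the registry", READ,
     r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SystemInformation\\"),
    ("Checks computer location settings", READ,
     r"^" + USER + r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", READ,
     r"^HKLM\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\"),
    ("Checks whether UAC is enabled", READ,
     r"^HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\EnableLUA$"),
    ("Adds Run key to start application", WRITE,
     r"^(?:HKLM|" + USER + r")\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\"),
    ("Sets file execution options in registry", WRITE,
     r"^HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\"),
    ("Modifies Installed Components in the registry", WRITE,
     r"^HKLM\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Active Setup\\Installed Components\\"),
    ("Registers COM server for autorun", WRITE,
     r"^(?:HKCR|" + USER + r"\\Software\\Classes|HKLM\\SOFTWARE\\Classes)"
     r"\\CLSID\\\{[0-9A-F-]+\}\\(?:InProc|Local)Server32"),
    ("Writes to the Master Boot Record (MBR)", WRITE,
     r"^(?:\\\\\.\\PhysicalDrive0|\\Device\\Harddisk0\\DR0)$"),
]]

# Names commonly looked for by "references sandbox DLLs / analysis tools" rules
# (the usual al-khaser/pafish set); assumed, not the sandbox's exact list.
SANDBOX_DLLS = ["sbiedll.dll", "snxhk.dll", "cuckoomon.dll", "api_log.dll",
                "dir_watch.dll", "pstorec.dll", "vmcheck.dll", "wpespy.dll", "cmdvrt32.dll"]
ANALYSIS_TOOLS = ["wireshark", "procmon", "x64dbg", "ollydbg", "ida64", "fiddler", "processhacker"]

def referenced_artifacts(blob):
    """Names present in the blob as ASCII or UTF-16LE strings, case-insensitively."""
    low = blob.lower()                       # bytes.lower() touches ASCII letters only,
    found = set()                            # so UTF-16LE ASCII text survives intact
    for name in SANDBOX_DLLS + ANALYSIS_TOOLS:
        if name.encode("ascii") in low or name.encode("utf-16-le") in low:
            found.add(name)
    return found

def classify(log_text):
    """{signature name: [paths]} for a CSV with columns time,process,pid,operation,path,result."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(log_text)):
        op, path = row["operation"], normalize_path(row["path"])
        # A failed write proves nothing; a failed read still shows the check was attempted.
        if op in WRITE and row["result"] != "SUCCESS":
            continue
        for name, ops, pattern in SIGNATURES:
            if op in ops and pattern.search(path):
                hits[name].append(path)
    return dict(hits)

# Constructed sample log (procmon-style); not output from the report's sandbox run.
SAMPLE_LOG = r"""time,process,pid,operation,path,result
10:11:01.001,sample.exe,4120,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer,SUCCESS
10:11:01.002,sample.exe,4120,RegQueryValue,HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation\SystemProductName,SUCCESS
10:11:01.010,sample.exe,4120,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
10:11:01.020,sample.exe,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip,SUCCESS
10:11:01.021,sample.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA,SUCCESS
10:11:02.000,sample.exe,4120,RegSetValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater,SUCCESS
10:11:02.100,sample.exe,4120,RegSetValue,HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger,SUCCESS
10:11:02.150,sample.exe,4120,RegSetValue,HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{0001}\StubPath,ACCESS DENIED
10:11:02.200,sample.exe,4120,WriteFile,\\.\PhysicalDrive0,SUCCESS
10:11:02.300,sample.exe,4120,RegQueryValue,HKCU\Software\Classes\Local Settings\MuiCache\1,SUCCESS
"""

if __name__ == "__main__":
    for name, paths in classify(SAMPLE_LOG).items():
        print(f"{name}: {paths}")
```

Registry reads such as the BIOS, Geo\Nation and Uninstall lookups are not recorded by Sysmon (it logs only key creation, value writes and renames), so reproducing the read-based signatures outside a sandbox needs procmon, an ETW registry provider or API hooking; the write-based ones (Run key, IFEO, Installed Components, COM registration) can be matched against Sysmon event IDs 12 and 13 with the same patterns. The denied Installed Components write in the sample log is deliberately dropped by the classifier to show that failed writes must not be counted as persistence.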

MITRE ATT&CK Enterprise v15
