General
-
Target
Malwarebytes-Premium-Bypass-main.zip
-
Size
186KB
-
Sample
240621-vchdwssbln
-
MD5
c140deb9593c33bbefe3c0ed41e7dba3
-
SHA1
d23e0eacbcd781400d0741189fdbd48f1b81d10c
-
SHA256
7aa4af4009f2937805d20755be3952302bfc4077c1bed6f7127a30b62d15476d
-
SHA512
0d245243253771c2721ec831fc06007533ce8f30fe5a2a1aee1b399f33f7bc3c82df8705208b83e138ce5929d4fc636da00cc3724c5a19f0639aa788626833ec
-
SSDEEP
3072:Lif7sfdh4xPXWOEelmSgH13pv1f+JQ+wjJxzQYpxDO1/Dbt8OECJfuOHqq3i2j9:LiIEVLEelubWCjU2xDO17R8OEUGaqqt9
Malware Config
Targets
-
-
Target
Malwarebytes-Premium-Bypass-main/Malwarebytes-Premium-Reset.bat
-
Size
2KB
-
MD5
c2ccde34dcdfc9266aad6fde8d827502
-
SHA1
6afe063c28fbd773df66f09a350110c17ea83ba5
-
SHA256
09d745acb72dc23d5a29542e7227f1e39eecb26dcf35ef35552270408d770a89
-
SHA512
6f8c2022c67e0923f1ee230b688e6519b0745c1b1e9f36f073ab4e0c539b7582eb6a6097ae4855961bb047a007b0b364cecc6851e487f090d37f1f636f5e9229
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Modifies RDP port number used by Windows
-
Sets service image path in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
Malwarebytes-Premium-Bypass-main/Malwarebytes-Premium-Reset.ps1
-
Size
3KB
-
MD5
4b9bd4349376a4f8c79655e8af23ab7a
-
SHA1
f091274b44ba15cdbd0fd3ca95756e461bbd9779
-
SHA256
f3ff0317c1350f199653bfd8255f1b2b05ec2f3ff0bd4bc7c5fd50fac848d502
-
SHA512
753543216568851281b401360089703e3652852406013ce9f036bc2af9b23f9eee7508fc7d0f5c1f6c3bb782e7bc31386976ac7d954188fa0aabfaaf1c06ff4d
Score3/10 -
-
-
Target
Malwarebytes-Premium-Bypass-main/SAA MalwareBytes Premium.exe
-
Size
204KB
-
MD5
aea3d317e3b7a42b1e96e01d7d515a41
-
SHA1
944253899f71e72151d8e1e97276d52a59f1215a
-
SHA256
ecb29da27d8d93d0c547f9901416b7115dc79b6e8b92575b6c1adf12e539421e
-
SHA512
acceddb5371c01df0e3b1b411b148481929a077d7cd26a716972b129cf4839598af469736ebc8da7c9a9267f607511cd60a344876b59bcd8c1fc1fba8586f239
-
SSDEEP
6144:WfY+onwntelub/gOV7cUgxxO1780Get8NaqqtO:WfYctUuJVgzu780GK8j
Score7/10-
Loads dropped DLL
-
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
192639861e3dc2dc5c08bb8f8c7260d5
-
SHA1
58d30e460609e22fa0098bc27d928b689ef9af78
-
SHA256
23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6
-
SHA512
6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc
-
SSDEEP
192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
b7d61f3f56abf7b7ff0d4e7da3ad783d
-
SHA1
15ab5219c0e77fd9652bc62ff390b8e6846c8e3e
-
SHA256
89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912
-
SHA512
6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8
-
SSDEEP
96:ooEv02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YMNqkzfFc:ooEvCu5e81785qHFcU0PuAw0uyyIFc
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Impair Defenses
1Safe Mode Boot
1Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1