Overview

overview

8

Static

static

1

BBB-Steale...ler.py

windows7-x64

3

BBB-Steale...ler.py

windows10-2004-x64

8

BBB-Steale...er.bat

windows7-x64

1

BBB-Steale...er.bat

windows10-2004-x64

1

BBB-Steale...ll.bat

windows7-x64

1

BBB-Steale...ll.bat

windows10-2004-x64

1

Resubmissions

05/07/2024, 12:52

240705-p37tksydmk 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BBB-Stealer-main.zip

  • Size

    2.3MB

  • Sample

    240705-p37tksydmk

  • MD5

    c1262a8357dd4dcd88d8272328b99526

  • SHA1

    63a0df9c5316f1c7e2a990410624cdffee801bc5

  • SHA256

    f03e6736a0d39d2065f4adaeb308c1d10266539dbb7a13a5cb9d108111ec81aa

  • SHA512

    8cbe4b57ca0ca564ae337978e829a9dc3ef1e198c16a96b325a658f165f8e15b1f5a66df5e6c1273a07c6360fd33284c19b7c5ccce9ce89c63a677395f087a15

  • SSDEEP

    49152:lkBegdlk9MqWQFemAt7TZnSuknb8eKaWopw2m7h6mjVUxkEq:KUHMsPAtXVopwVsmjVrEq

Score
8/10
discoverypersistenceprivilege_escalation

Malware Config

Targets

    • Target

      BBB-Stealer-main/bbbstealer.py

    • Size

      65KB

    • MD5

      08bd1062d1b10a51ae6abac0f5ca9602

    • SHA1

      d01e487b0f149b2e7ea9453ba86f8bbf13d7011c

    • SHA256

      2ab28bc6986f63651ea4372bf5892d580c37d239e111c884a7de7bba56fd38d5

    • SHA512

      f771a8ff7d40da9144dd17ce397cc0d0e24a29b7b88fa1c9980b10a77a84bc54a9a322c16116e8715bdff710399b014a24ab02301c56b9dfe5425bf5f886cd74

    • SSDEEP

      768:sLEAt3KZxPemWYhTuSsmMooyPoko2osoFKosocosoMosoM7oco5wuLy2oqeosoCK:sLEo6ZxPEYhCST0Www5RnuiHkMq

    Score
    8/10
    discoverypersistenceprivilege_escalation

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      BBB-Stealer-main/builder.bat

    • Size

      57B

    • MD5

      a0fd480dcefe5c213ef5b0537d8a2244

    • SHA1

      ed08e0c7c13ae64c5bb356d75ad8d61034cb16cd

    • SHA256

      0eb9a0a0a93565d3ceb652b9956d71b48f09255a17e8039c4762e4ab0a1b3969

    • SHA512

      6ba531e7f01168d56b0e913ed2817025e76b7f7a93865ca18bd815489353a8b917126c35624f59195570724b30c8f044bcd5482339b08dc3e98c41ff304332ce

    Score
    1/10
    behavioral3behavioral4

    • Target

      BBB-Stealer-main/install.bat

    • Size

      349B

    • MD5

      d1fce2a48817c7b6a8e5c6a701fe67ed

    • SHA1

      b0b543026043b11cdf8552716aa046f7343584e8

    • SHA256

      d46755d5575b37f6b26052bff6499eb1771398f00348daaa830a7c0aa77607fa

    • SHA512

      bf2772a54c691d03425967694e8608ca0fb39b9277895e65348b02cefed56947a251df6afa0c84a110181809742d62a832218f266d6083c42f7affe2b479100e

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks