Overview
Score: 10

Task          Sample                                       Resource                 Platform             Score
static        CB_setup.exe                                 -                        -                    10
behavioral1   CB_setup.exe                                 win7-20240708-en         windows7-x64         10
behavioral2   CB_setup.exe                                 win10v2004-20240709-en   windows10-2004-x64   10
behavioral3   $PLUGINSDIR/Banner.dll                       win7-20240708-en         windows7-x64         3
behavioral4   $PLUGINSDIR/Banner.dll                       win10v2004-20240709-en   windows10-2004-x64   3
behavioral5   $PLUGINSDIR/InstallOptions.dll               win7-20240704-en         windows7-x64         3
behavioral6   $PLUGINSDIR/InstallOptions.dll               win10v2004-20240709-en   windows10-2004-x64   3
behavioral7   $PLUGINSDIR/MyLangDLLS3.dll                  win7-20240704-en         windows7-x64         3
behavioral8   $PLUGINSDIR/MyLangDLLS3.dll                  win10v2004-20240709-en   windows10-2004-x64   3
behavioral9   $PLUGINSDIR/MyLangDLLT3.dll                  win7-20240705-en         windows7-x64         3
behavioral10  $PLUGINSDIR/MyLangDLLT3.dll                  win10v2004-20240709-en   windows10-2004-x64   3
behavioral11  $PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll      win7-20240704-en         windows7-x64         3
behavioral12  $PLUGINSDIR/NSIS_SkinCrafter_Plugin.dll      win10v2004-20240709-en   windows10-2004-x64   3
behavioral13  $PLUGINSDIR/Plugin.dll                       win7-20240704-en         windows7-x64         3
behavioral14  $PLUGINSDIR/Plugin.dll                       win10v2004-20240709-en   windows10-2004-x64   3
behavioral15  $PLUGINSDIR/System.dll                       win7-20240708-en         windows7-x64         3
behavioral16  $PLUGINSDIR/System.dll                       win10v2004-20240709-en   windows10-2004-x64   3
behavioral17  $PLUGINSDIR/cService.dll                     win7-20240708-en         windows7-x64         3
behavioral18  $PLUGINSDIR/cService.dll                     win10v2004-20240709-en   windows10-2004-x64   3
behavioral19  $PLUGINSDIR/inetc.dll                        win7-20240705-en         windows7-x64         3
behavioral20  $PLUGINSDIR/inetc.dll                        win10v2004-20240709-en   windows10-2004-x64   3
behavioral21  $TEMP/TemporaryComodoProduct/CBU.exe         win7-20240708-en         windows7-x64         6
behavioral22  $TEMP/TemporaryComodoProduct/CBU.exe         win10v2004-20240709-en   windows10-2004-x64   7
behavioral23  $TEMP/TemporaryComodoProduct/COSService.exe  win7-20240704-en         windows7-x64         3
behavioral24  $TEMP/TemporaryComodoProduct/COSService.exe  win10v2004-20240709-en   windows10-2004-x64   3
behavioral25  $TEMP/TemporaryComodoProduct/CSE.exe         win7-20240705-en         windows7-x64         3
behavioral26  $TEMP/TemporaryComodoProduct/CSE.exe         win10v2004-20240709-en   windows10-2004-x64   3
behavioral27  $TEMP/TemporaryComodoProduct/GUIlang.dll     win7-20240704-en         windows7-x64         1
behavioral28  $TEMP/TemporaryComodoProduct/GUIlang.dll     win10v2004-20240709-en   windows10-2004-x64   1
behavioral29  $TEMP/TemporaryComodoProduct/GUIlang_CHI.dll win7-20240704-en         windows7-x64         1
behavioral30  $TEMP/TemporaryComodoProduct/GUIlang_CHI.dll win10v2004-20240704-en   windows10-2004-x64   1
behavioral31  $TEMP/TemporaryComodoProduct/GUIlang_CZE.dll win7-20240708-en         windows7-x64         1
behavioral32  $TEMP/TemporaryComodoProduct/GUIlang_CZE.dll win10v2004-20240709-en   windows10-2004-x64   1

Analysis (the run detailed below: behavioral2, CB_setup.exe on win10v2004-20240709-en)
- max time kernel: 152s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-07-2024 22:51
General
- Target: CB_setup.exe
- Size: 21.4MB
- MD5: 193642adb57aec509ba3fd698a09efd2
- SHA1: d9166b6ac1c069f028188357ff40256d7395868c
- SHA256: ae1c457e4968758551c0e99ce62cb87c02b6c134afda6d1d700da3b37a2d7610
- SHA512: 507c9698f6d9b2def0f60641b5eeef5a13a55f0a492af62abae7345b9b01d3cef490a689ff98fe899b2188cb4d3d74b1a655dccf370f31d01ca7fbca2041bc5e
- SSDEEP: 393216:Es5Q1AuX1FFetKFOfzJyb2omyUw7RLo4WRsyo1fL79UXPj5MXHQqkJGlF:Es52AuXHQagzJk+yUwBo5oHUXPFkQ3K
Malware Config

Signatures
- Detects Strela Stealer payload (2 IoCs)
  resource: behavioral2/files/0x00070000000234ec-44.dat, yara_rule: family_strela
  resource: behavioral2/memory/852-47-0x0000000005B40000-0x000000000610D000-memory.dmp, yara_rule: family_strela
- Loads dropped DLL (14 IoCs)
  pid 852, process CB_setup.exe (14 occurrences)
- Drops file in System32 directory (2 IoCs)
  File created: C:\Windows\SysWOW64\mfc71.dll, process CB_setup.exe
  File created: C:\Windows\SysWOW64\msvcr71.dll, process CB_setup.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of the victim host in order to infer its geographical location.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language, process CB_setup.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid 852, process CB_setup.exe (3 occurrences)
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 3KB
  MD5: 4a90d392c9da5f0b90a75baf67c37e4c
  SHA1: 73e875dafefaa16def7f77a428a5c131b7b9837e
  SHA256: 045bd54299e1cf2d9e68f64e233f30c8a2c455d72645d4a4a9ca8874a7c510ac
  SHA512: 82014b8fb94da3d158ef68a2488eb594bcf27d31132b4bbf2f4c441d00ed9d374d78cd013a1af6c59fd03716bf5c429cddf77c43e1e171df24086b70b7b9a13d
- Filesize: 5KB
  MD5: 7050cd061f2ddac010e3382a57d5ede4
  SHA1: a0a1e5e89fb230dfa3c76ee15b0e51abead32282
  SHA256: dfca83b19ee2fe36479e9c1ceef2eb45b08851236dcf7a958141b1af03d27a21
  SHA512: 5f8472dd37a1cc1aecad78610b71670989715a15f8911e658ce7da4c4b2d428f866c9e61df30f6660d91dd365b1c055676ef3a3f6ec77d826ef11175a713455e
- Filesize: 5.8MB
  MD5: 2e13e03b7cf2d8c8338bbc3d29fd3e07
  SHA1: 173e6e67c5315474765dcd303b3214d5600c48ea
  SHA256: ea1552de423ed1768bace344d9a07bf529845c75fe6fc6ce3c4ba91d4aae5409
  SHA512: 94220a07aea2f4a45ef6b7566baba5a9ce73e70236bf97fc2489bee50b662f3fd05824d7804dd544eef85d73e69091aaae5de3094f0866bf51521024eb3d168d
- Filesize: 2.1MB
  MD5: 67ad13de4800015f22cffaa96e1cdd41
  SHA1: 542fb5baeea3f3b7ebdc70061790612ae9bfd0dc
  SHA256: ea847b3e559321f8825d4339ad503b8082546ad7f9ae1d8373914f2ffaf3e6a2
  SHA512: c2f776d6b4091dcc241ca25d3d1134f7487f6ffd1e58b6108d3dae655cdb949c3ded8a03a952ec33947c61cb0213fde25b79992ca86327e380f30140a881a79b
- Filesize: 792KB
  MD5: 8fea8fd177034b52e6a5886fb5e780bd
  SHA1: 99f511388a2420d53b8406baed48ba550842eaad
  SHA256: 546dddc7a31609b5bc3dc8ecef6f6782b77613853c54171fc32314c08a69e8de
  SHA512: 5d82a3b9cf9d69049e6278a6d835b8a9a386c97ae9a69cf658675b0a8751a344d0da1ee704e9bb9023dab7cd77fdca684bdc90837960b583eef0bb4324498696
- Filesize: 11KB
  MD5: 959ea64598b9a3e494c00e8fa793be7e
  SHA1: 40f284a3b92c2f04b1038def79579d4b3d066ee0
  SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
  SHA512: 5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64
- Filesize: 4KB
  MD5: d16e06c5de8fb8213a0464568ed9852f
  SHA1: d063690dc0d2c824f714acb5c4bcede3aa193f03
  SHA256: 728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531
  SHA512: 60502bb65d91a1a895f38bd0f070738152af58ffa4ac80bac3954aa8aad9fda9666e773988cbd00ce4741d2454bf5f2e0474ce8ea18cfe863ec4c36d09d1e27a
- Filesize: 15KB
  MD5: 80bc7fa432a388ae762c0448abfaf3f1
  SHA1: f268dd816fb9a102b49389420ab7f80b4ac44f8a
  SHA256: 69efb45ca18fe1c109e6a24ff4f8c5e0a17ff8b5e196710046bdd0d4917e25f0
  SHA512: adcab8a19d205919aa13a226b45d8e64e0964bff9a7925730f66c37437411cc6573298574b27d4330224987fc23d74b2a000845e370a28d15fe920f8b6304bd4
- Filesize: 1.0MB
  MD5: 1fd3f9722119bdf7b8cff0ecd1e84ea6
  SHA1: 9a4faa258b375e173feaca91a8bd920baf1091eb
  SHA256: 385ea2a454172e3f9b1b18778d4d29318a12be9f0c0c0602db72e2cce136e823
  SHA512: 109d7a80a5b10548200d05ab3d7deb9dc2ae8e40d84b468184895eb462211078ecdcb11f01eb50c91c65a924f8e592cd63b78e402dcaea144ff89c11f2ab07d6
- Filesize: 340KB
  MD5: ca2f560921b7b8be1cf555a5a18d54c3
  SHA1: 432dbcf54b6f1142058b413a9d52668a2bde011d
  SHA256: c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb
  SHA512: 23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e
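Before acting on any of the hashes in the General or Downloads sections above, confirm that the file actually in hand is the one this report describes. The script below is an added example, not part of the sandbox report or of the analysed product: it embeds the target's digests and one dropped-file record from the report (the label "dropped_5.8MB" is assigned here, since the report lists that file by size only), streams a local file once through all four hash functions, and tells you which report entry, if any, it matches. The SSDEEP value is not checked; it needs a fuzzy-hashing library that is not in the standard library.

```python
"""Verify a local artifact against the digests recorded in this sandbox report."""
import hashlib
import sys
from typing import Dict, Iterable, Iterator, Optional

# Digests copied from the report's General and Downloads sections.
# "CB_setup.exe" is the submitted target. The dropped file is listed in the
# report by size only, so "dropped_5.8MB" is a label assigned here (an
# assumption for this example, not a filename taken from the report).
REPORT_RECORDS: Dict[str, Dict[str, str]] = {
    "CB_setup.exe": {
        "md5": "193642adb57aec509ba3fd698a09efd2",
        "sha1": "d9166b6ac1c069f028188357ff40256d7395868c",
        "sha256": "ae1c457e4968758551c0e99ce62cb87c02b6c134afda6d1d700da3b37a2d7610",
        "sha512": "507c9698f6d9b2def0f60641b5eeef5a13a55f0a492af62abae7345b9b01d3ce"
                  "f490a689ff98fe899b2188cb4d3d74b1a655dccf370f31d01ca7fbca2041bc5e",
    },
    "dropped_5.8MB": {
        "md5": "2e13e03b7cf2d8c8338bbc3d29fd3e07",
        "sha1": "173e6e67c5315474765dcd303b3214d5600c48ea",
        "sha256": "ea1552de423ed1768bace344d9a07bf529845c75fe6fc6ce3c4ba91d4aae5409",
        "sha512": "94220a07aea2f4a45ef6b7566baba5a9ce73e70236bf97fc2489bee50b662f3f"
                  "d05824d7804dd544eef85d73e69091aaae5de3094f0866bf51521024eb3d168d",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the data is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file in 1 MiB blocks; the target here is 21.4 MB."""
    def chunks() -> Iterator[bytes]:
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_chunks(chunks())


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match; hex digests are compared case-insensitively."""
    return {name: actual[name].lower() == expected[name].lower() for name in ALGORITHMS}


def identify(actual: Dict[str, str]) -> Optional[str]:
    """Return the report entry whose digests all match, or None."""
    for label, expected in REPORT_RECORDS.items():
        if all(compare(actual, expected).values()):
            return label
    return None


if __name__ == "__main__":
    for path in sys.argv[1:]:
        digests = digest_file(path)
        label = identify(digests)
        if label:
            print(f"{path}: matches report entry {label}")
        else:
            print(f"{path}: not in report")
            for name, value in digests.items():
                print(f"  {name}: {value}")
```

Run it as `python verify_report.py CB_setup.exe` (the script name is this example's choice). A partial match, say MD5 and SHA1 agreeing but SHA256 not, is worth treating as a transcription error in whichever side you typed rather than as a collision, which is why the per-algorithm result is kept rather than collapsed to a single boolean.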