General

  • Target

    bbbfdf66e9c773bcad95c6cd2e89a596620f417175de712269689b08f2643a40.exe

  • Size

    8.0MB

  • Sample

    240802-crjamavdkd

  • MD5

    7a9e91cd05bb23625354d0f46066904c

  • SHA1

    7389f1881aba1c2ba3544321bd068bbf91dfa00a

  • SHA256

    bbbfdf66e9c773bcad95c6cd2e89a596620f417175de712269689b08f2643a40

  • SHA512

    cdcd8c13f582682279463afc1a6196b65e127a0cb344632f1c2222f8f64793ae8c19547758eda94ece0bc9526b6ed13e552c3f6c9dbc2c6f157e601cbbc95c65

  • SSDEEP

    49152:BYyqyQ4SjTErF0JwHoLjhbi4zmkKm0W85GNLZLgKT/MNMNngOdTMnWAqkeKbr3kg:PgR2HoLtb

Malware Config

Targets

    • Target

      bbbfdf66e9c773bcad95c6cd2e89a596620f417175de712269689b08f2643a40.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store (saved logins and cookies).

    • Uses browser remote debugging

      Launches a browser with a remote debugging interface enabled; this can be used to control the browser and steal sensitive information such as credentials and session cookies.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
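
The signatures above are worth turning into detection logic. What follows is an added example, not code from this report or from the sandbox vendor: a small rule set run over a constructed JSON-lines event trace. The trace format, its event and field names, the process paths and the PIDs are assumptions made for the example; the registry key `HKCU\Control Panel\International\Geo\Nation` (the configured GeoID), the `CurrentVersion\Uninstall` key, the Chromium `--remote-debugging-port` / `--remote-debugging-pipe` switches and the browser profile file names are real. The example also carries the two false-positive guards a practitioner wants here: a browser reading its own profile files is not a credential theft, and a single Uninstall key lookup is not software enumeration.

```python
"""Detection rules for the sandbox behaviours listed above, run over a
constructed JSON-lines event trace (not from the report or the sandbox)."""
import json
import ntpath
import re
from collections import defaultdict

# Chromium-family binaries that honour --remote-debugging-port / -pipe.
CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe",
                     "chromium.exe", "vivaldi.exe"}
BROWSERS = CHROMIUM_BROWSERS | {"firefox.exe"}

# Profile files holding saved logins, cookies, or the key that wraps them.
CREDENTIAL_STORE_FILES = {
    "login data", "cookies", "web data", "local state",   # Chromium
    "logins.json", "key4.db", "cookies.sqlite",            # Firefox
}

DEBUG_FLAG_RE = re.compile(r"--remote-debugging-(?:port|pipe)\b", re.I)
SUPPORT_FLAG_RE = re.compile(
    r"--(?:headless|user-data-dir|remote-allow-origins|restore-last-session)\b", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I)
UNINSTALL_MIN_HITS = 3  # one lookup is normal; several in a row is enumeration

# Rule name -> ATT&CK ID the report lists for that behaviour.
ATTACK_IDS = {
    "browser_remote_debugging": "T1539",
    "browser_credential_store_access": "T1555.003",
    "geo_nation_lookup": "T1614.001",
    "installed_software_enum": "T1012",
}


def basename(path):
    """Lower-cased file name of a Windows path, ignoring surrounding quotes."""
    return ntpath.basename(path.strip('"')).lower()


def rule_remote_debugging(ev):
    """A Chromium browser spawned with a remote debugging switch."""
    if ev.get("event") != "process_create":
        return None
    if basename(ev.get("child_image", "")) not in CHROMIUM_BROWSERS:
        return None
    cmd = ev.get("command_line", "")
    if not DEBUG_FLAG_RE.search(cmd):
        return None
    # Report the debugging switch plus the helpers stealers usually add.
    return " ".join(DEBUG_FLAG_RE.findall(cmd) + SUPPORT_FLAG_RE.findall(cmd))


def rule_credential_store_access(ev):
    """A non-browser process reading or copying a browser credential file."""
    if ev.get("event") not in {"file_read", "file_copy"}:
        return None
    if basename(ev.get("path", "")) not in CREDENTIAL_STORE_FILES:
        return None
    if basename(ev.get("process", "")) in BROWSERS:
        return None  # the browser touching its own profile is normal
    return ev["path"]


def rule_geo_lookup(ev):
    """Query of the configured country (GeoID), the usual geofence check."""
    if ev.get("event") != "registry_query":
        return None
    key = ev.get("key", "")
    return key if GEO_KEY_RE.search(key) else None


RULES = {
    "browser_remote_debugging": rule_remote_debugging,
    "browser_credential_store_access": rule_credential_store_access,
    "geo_nation_lookup": rule_geo_lookup,
}


def analyze(jsonl):
    """Return {pid: {rule_name: [evidence, ...]}} for every rule that fired."""
    findings = defaultdict(lambda: defaultdict(list))
    uninstall_hits = defaultdict(list)
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        pid = ev.get("pid")
        for name, rule in RULES.items():
            evidence = rule(ev)
            if evidence:
                findings[pid][name].append(evidence)
        # Uninstall key hits are counted per process, not reported one by one.
        key = ev.get("key", "")
        if ev.get("event") in {"registry_enum", "registry_query"} and UNINSTALL_KEY_RE.search(key):
            uninstall_hits[pid].append(key)
    for pid, keys in uninstall_hits.items():
        if len(keys) >= UNINSTALL_MIN_HITS:
            findings[pid]["installed_software_enum"] = keys
    return {pid: dict(rules) for pid, rules in findings.items()}


def attack_summary(findings):
    """Sorted ATT&CK IDs for everything that fired, matching the report's matrix."""
    return sorted({ATTACK_IDS[name] for rules in findings.values() for name in rules})


# Constructed trace: one stealer-like process (pid 4212) plus benign noise.
SAMPLE = r"C:\Users\user\Desktop\sample.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
UNINST = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_EVENTS = [
    {"pid": 4212, "process": SAMPLE, "event": "registry_query",
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"pid": 4212, "process": SAMPLE, "event": "registry_enum", "key": UNINST},
    {"pid": 4212, "process": SAMPLE, "event": "registry_query", "key": UNINST + r"\Google Chrome"},
    {"pid": 4212, "process": SAMPLE, "event": "registry_query", "key": UNINST + r"\7-Zip"},
    {"pid": 4212, "process": SAMPLE, "event": "file_copy",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4212, "process": SAMPLE, "event": "process_create", "child_image": CHROME,
     "command_line": f'"{CHROME}" --remote-debugging-port=9222 --headless '
                     r"--user-data-dir=C:\Users\user\AppData\Local\Temp\prof"},
    # Benign: a user launching Chrome, and Chrome reading its own cookie jar.
    {"pid": 1188, "process": r"C:\Windows\explorer.exe", "event": "process_create",
     "child_image": CHROME, "command_line": f'"{CHROME}" --profile-directory=Default'},
    {"pid": 6004, "process": CHROME, "event": "file_read",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
]
SAMPLE_TRACE = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)

if __name__ == "__main__":
    result = analyze(SAMPLE_TRACE)
    for pid, rules in result.items():
        for name, evidence in rules.items():
            print(f"pid {pid}: {name} ({ATTACK_IDS[name]}): {evidence}")
    print("ATT&CK:", attack_summary(result))
```

Only pid 4212 is reported: the `explorer.exe` launch of Chrome carries no debugging switch, and Chrome reading its own `Cookies` file is filtered by the browser allow-list. The Uninstall rule fires because the process hit the key three times; drop `UNINSTALL_MIN_HITS` to 1 and every installer or updater will trip it.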

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic             Technique                                Count  ID
Persistence        Modify Authentication Process            1      T1556
Defense Evasion    Modify Authentication Process            1      T1556
Credential Access  Credentials from Password Stores         1      T1555
Credential Access  Credentials from Web Browsers            1      T1555.003
Credential Access  Steal Web Session Cookie                 1      T1539
Credential Access  Modify Authentication Process            1      T1556
Discovery          Query Registry                           4      T1012
Discovery          System Information Discovery             4      T1082
Discovery          Browser Information Discovery            1      T1217
Discovery          System Location Discovery                1      T1614
Discovery          System Language Discovery                1      T1614.001
Discovery          System Network Configuration Discovery   1      T1016
Discovery          Internet Connection Discovery            1      T1016.001
