Overview

overview

7

Static

static

3

Bill.txt.exe

windows7-x64

7

Bill.txt.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e16bfedb6a494f4cc12adfc067741184829928daee0ecabdc84e1d8452c0e8e.zip

  • Size

    26KB

  • Sample

    240806-btv7javekj

  • MD5

    420b831841d54316297e421159299636

  • SHA1

    da38b5b4ff5b68b5b31209e1c43a833dfa230856

  • SHA256

    2e16bfedb6a494f4cc12adfc067741184829928daee0ecabdc84e1d8452c0e8e

  • SHA512

    c56bdfac186cd0c2d55b183c31c6a955c843f2450b9a8f48b271610a3269aeac0a4e9a8c5d4c82cb0bbf70916d79149293af1897dd4af3e2f9c1f5d10ea6e4b9

  • SSDEEP

    768:PTGiVlYv8RSiHTfsuDuso8MHMt+wVupKqh6nZzYd:bjI8RSiH7suDuq9PVuUqhsq

Score
7/10
discoverypersistencespywarestealer

Malware Config

Targets

    • Target

      Bill.txt .exe

    • Size

      26KB

    • MD5

      c43fa1b082302f3b8e01d77fb95c78c6

    • SHA1

      27609564e9f83b02aff9e7dc1b44f5d6063c46ba

    • SHA256

      130e9e8849b77a47b3d6f5201e55db8117b71c1b0530eec25cc24605e8ad1e42

    • SHA512

      095df280d357e6ff0f843b868cc17b8b1dfb428a07d1718f56a469d7f4b69df8f73cc39c83fc182015c8bdb932c828fd169ef1a09386995490014354498cd0a1

    • SSDEEP

      768:QTGiVlYv8RSiHTfsuDuso8MHMt+wVupKqh6nZzY:qjI8RSiH7suDuq9PVuUqhs

    Score
    7/10
    discoverypersistencespywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks