ebd3bc74866f6cd818141da0ff7ae51b4b1970dad1695f3f57845909f9c7b7a4

Sharing

Copy URL

Twitter E-mail

General

Target

ccsetup626pro.exe
Size

72.2MB
Sample

240814-eb3qfawdnd
MD5

b0641da60584a9ddbbc5a5c14d1e2c25
SHA1

9a3a808fe55c5174e262762de319aeea2701bae8
SHA256

ebd3bc74866f6cd818141da0ff7ae51b4b1970dad1695f3f57845909f9c7b7a4
SHA512

3a66626336034210d847757c87b005763169eece50b678dd44d90a5527dce2ec55b3d3ecee3c3b5e750052dbe5c0cea52e42811d8b566c33f5c43e77ba1d0d00
SSDEEP

1572864:Hcsg1pG3zhIExyRA2V/eboTJKq7/89/6C6KOhNMi:HyG3dI/RAUUoTJH7/89/6C6KUNt

Score

7^/10

Malware Config

Targets

- Target
  
  ccsetup626pro.exe
- Size
  
  72.2MB
- MD5
  
  b0641da60584a9ddbbc5a5c14d1e2c25
- SHA1
  
  9a3a808fe55c5174e262762de319aeea2701bae8
- SHA256
  
  ebd3bc74866f6cd818141da0ff7ae51b4b1970dad1695f3f57845909f9c7b7a4
- SHA512
  
  3a66626336034210d847757c87b005763169eece50b678dd44d90a5527dce2ec55b3d3ecee3c3b5e750052dbe5c0cea52e42811d8b566c33f5c43e77ba1d0d00
- SSDEEP
  
  1572864:Hcsg1pG3zhIExyRA2V/eboTJKq7/89/6C6KOhNMi:HyG3dI/RAUUoTJH7/89/6C6KUNt
Score

7^/10

bootkit discovery persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Downloads MZ/PE file
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  23KB
- MD5
  
  7760daf1b6a7f13f06b25b5a09137ca1
- SHA1
  
  cc5a98ea3aa582de5428c819731e1faeccfcf33a
- SHA256
  
  5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079
- SHA512
  
  d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5
- SSDEEP
  
  384:l4Z8sUAUNuGGsPVPEZ+OLkCnFJDhgvZwcRa9h9S4y4fO:lG8sUAUnt88CFJDhmajMA
Score

3^/10

discovery
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10

discovery
behavioral3
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6c3f8c94d0727894d706940a8a980543
- SHA1
  
  0d1bcad901be377f38d579aafc0c41c0ef8dcefd
- SHA256
  
  56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
- SHA512
  
  2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355
- SSDEEP
  
  96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
Score

3^/10

discovery
behavioral4
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  7KB
- MD5
  
  675c4948e1efc929edcabfe67148eddd
- SHA1
  
  f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
- SHA256
  
  1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
- SHA512
  
  61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
- SSDEEP
  
  96:J9zdzBzMDByZtr/HDQIUIq9m6v6vBckzu9wSBpLEgvElHlernNQaSGYuH2DQ:JykDr/HA5v6G2IElFernNQZGdHW
Score

3^/10

discovery
behavioral5
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10

discovery
behavioral6
- Target
  
  $_115_/lang-1025.dll
- Size
  
  247KB
- MD5
  
  bfa14cea0347e0b7878ae63ceec6f979
- SHA1
  
  3888d79361af7404c61ea23ab4e1057b8331a654
- SHA256
  
  848a7af8645cac9a9b47612eae92027cb15f9a18e58251dc0610f3581c9bb5fa
- SHA512
  
  e66c717e232215afb3f1279da5f4f53cd64f3201dca0b8914d2ac0e0e5562172b06dff6ae909d573f94e6a89ce565aa95cc45a16bdbfda8d852ebf77e5ecc0b1
- SSDEEP
  
  3072:PR8RfnpwJ5WckrG4m4xyOfF38ForEml34/s2O8sM10dOR25VvxX0n+TOq3jK5zeg:+RlLhEs0Ueik
Score

1^/10
behavioral7
- Target
  
  $_115_/lang-1026.dll
- Size
  
  295KB
- MD5
  
  f7694bb263cab5a4baaf6d1d9e7f9eb7
- SHA1
  
  035f3b90b8f12d5d38f3e8c1cd4959ddf8c31659
- SHA256
  
  b90c6ec813ed2185b4eb8abd224a4620dfac33424e0074197ace74e820289459
- SHA512
  
  b92827f54733556cedcc7ffc991a11653dd9cebf60981e9ec396ec4d8e804dddfb3fca9ebe4630f0b7c54acc41d3e18b3de0856df021febcff0c79341827a82c
- SSDEEP
  
  1536:6R7HiAYLSKbody2mxDeNvZtSffDd6vj0oD9h9U1Uzph4bwE7k2Yxd:6RzPYLFody2mxyNRtmd6JTmUzph414
Score

1^/10
behavioral8
- Target
  
  $_115_/lang-1027.dll
- Size
  
  297KB
- MD5
  
  ed2f12ff21e691f8ceb5c46e38265944
- SHA1
  
  9420c58b9389ea2246d5cf8e54872536cd0aea87
- SHA256
  
  de8cafffaf7b9f87dda62e3559774bb8bf7d39c74309a1c58ca08e6bb8e1cf2d
- SHA512
  
  a895150e5bf2edcf786fb819ea70750af65c4bbd09719815da78f126136c25704367c16cbbc91e82d5328c4f4c476789175458824e88f619f3ee0cc932849626
- SSDEEP
  
  3072:2RzrruphzbmGC0MUmqvn9vQ2iYHzNbUSlLwRPM36qWFnZY2WV72RKXsJxz1w6v4e:fbbK0MUmqVNbUSlsqWAWxzr
Score

1^/10
behavioral9
- Target
  
  $_115_/lang-1028.dll
- Size
  
  115KB
- MD5
  
  c148293d6833904b97da34520e7e7cf7
- SHA1
  
  ca4d26d675006c80749e0660e5da97bf984b395e
- SHA256
  
  3247aa351c7c15866cebcdd92a4ce96cdf759a31ea0d88215024638e81a11aa9
- SHA512
  
  5606884263de6cefc4e4c5892214e43023625570d42e33fb6a2a6c7bdc859c086863b4e910128f4849f2e9f575d7e0bec4fe891d06ff1778706dc15b85c7237a
- SSDEEP
  
  1536:ZJRo/D/014AsGJGT9bdY4MY4JUjAiN0zEwjHhAElK7kzGxOb:ZJRoLOh34MY4JzlLHplK4z/b
Score

1^/10
behavioral10
- Target
  
  $_115_/lang-1029.dll
- Size
  
  261KB
- MD5
  
  b5884538a0734f188c55dbaeb12565cb
- SHA1
  
  183e70c34421110c18f974c1ecef20693a6e5750
- SHA256
  
  77b6d74002734bdd734d3ce521b6d6688203b16ff3aee1640e3281d4e399223a
- SHA512
  
  484964acbbcf97565c247f2a8bc0a7332370d34c2fff2b59c9fdcd80198f620adaecb1f8443890f9f9bd254831a538bb1d9dacea88a471d019d3626eba7d12f0
- SSDEEP
  
  3072:pRYTV9w+1kxQxrTjEuq+mc4l0V13hcIYq80jJ0wonymZq1Mb2g6f4K:YpB13rYK
Score

1^/10
behavioral11
- Target
  
  $_115_/lang-1030.dll
- Size
  
  258KB
- MD5
  
  af1331c8efc86ba3e9f7ba142cd42dc2
- SHA1
  
  0a8edd11230bddd883bdde512b32c52086706a76
- SHA256
  
  e4adb1ba27cfea6c191c66834136970af221f6aea03f3f307e58e789fc48207c
- SHA512
  
  bf74146b382f3b3580d4c4e19c7a8fe894be0dc8277bcf50144381fa3f8d8245d326c2f4fc4ae300d06ad756196e74214923c01de8d17939e396f271fce19926
- SSDEEP
  
  3072:eRPBUUPjdtlysCPH02R/CCzuo8JqT1oSo4amSZtlFgCIMqinpM5G94t:uRrlyhwmQpqj5G
Score

1^/10
behavioral12
- Target
  
  $_115_/lang-1031.dll
- Size
  
  292KB
- MD5
  
  e54755c61270afdfc2b39d3e50b7175e
- SHA1
  
  ff9cc60aec2b10b99e8b9971bd362972d45eb4c5
- SHA256
  
  13785e4f5c235c5de9d8d524d7d236db35f1c2085c444b5eb28f3b0f935dd89d
- SHA512
  
  44e84ab54035a1a04990eca8980db5d6f2071714f05367a756f20af871df60291c044123fa536c29b20e082261be2e04532b70540081e073e3e3c527041dee5a
- SSDEEP
  
  3072:ERHJn9KvgjvyvvWTChegDQhK7JUfRtR+ga9hI7AlfbamVXuGdIEhpg8XVLZkwLlJ:ay/6qEFzda9E5VaJF
Score

1^/10
behavioral13
- Target
  
  $_115_/lang-1032.dll
- Size
  
  305KB
- MD5
  
  4dbdb71602f95f933d85d601a592c307
- SHA1
  
  801b3a530a7fe59586a5402c872ed1ec9173fabf
- SHA256
  
  d63d955a10479afa13e9903440b72786767e21fa5d59836fbaeb9705b31f4fb1
- SHA512
  
  802824ddc29c0e5f0897eefbd7db98a49904f90ef0e5c97eec42ffeafb79494d698732f1dce10e03c8f79dcbf65610dba269bcecd383cf02b2e40d202a9156d3
- SSDEEP
  
  3072:vRRBkC3TgkU7ZcvMQZO3MnoWX6r85dWORIqC4adqLDBBlKLSUG8ioi9rvxVJzAkX:9vMNx6iy
Score

1^/10
behavioral14
- Target
  
  $_115_/lang-1034.dll
- Size
  
  290KB
- MD5
  
  d6886a93b3e400544929266bf9c16249
- SHA1
  
  53d3ccbe75b88aa1edf72e2790b62d029d3804dc
- SHA256
  
  6461381265d9a51dc7b3fd0533b3a2cc3de259d1398fd4f24b2af43ea7828f4e
- SHA512
  
  cec15aa20ed0509025ebd27cb135ae97678ad239b9ca3745a87ffec5094b7d47ce80ad95263c554b98c4ab49327cf265ca7975982b8e6364d0af125138da58f1
- SSDEEP
  
  3072:vRQfXax1ncqT074Dc+JqL/wDFyIsDFPXJeiWaC7kkhTrldUuUfHuvyFWhaeqVI5e:2yx1c99+JqLY4RDFPQivkhQHehaFC5ix
Score

1^/10
behavioral15
- Target
  
  CCUpdate.exe
- Size
  
  809KB
- MD5
  
  943a4f169e9a3303ed6defc1ac3690bd
- SHA1
  
  e0bd76b866624164c10b85d37efb6474b84164df
- SHA256
  
  e531742a357907248de84b99f68ed7e8edd70e7ca918d21b24cc17ee4c128240
- SHA512
  
  da29cafdd63fd3ab3d2378fc6c2810d7579ebd6b62a4f99248458094cd2e42dc0071b83f0aee4185ca1c81139dec2991212ac383d77a737937558bbcb29d688c
- SSDEEP
  
  24576:Jjtgw77IpNyggggMrSQ5hEGnh0lhSMXlLtBq7ZnP:JjtgI6yggggMrSQ52bbq7ZnP
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral16
- Target
  
  CCleaner.exe
- Size
  
  37.1MB
- MD5
  
  6b4c65034b779fa91129d036f2854a55
- SHA1
  
  b0c21f129f58f4195cbffb8268b5693b0a4c4f2a
- SHA256
  
  9cea0bdcf677382833e973158a0c7c9b5dee86fbd7c6fdb8b114aa7b23e64d58
- SHA512
  
  b3d16086c09b23b6e8fa796e307348c005a2885c6067a5d180eeba39178d1a37fa6dffd4aad6f7a1624c9e150bf3b62f49ebfaa7612ebb26dc34264fcee88dba
- SSDEEP
  
  393216:0OriB5sAYYtY8t0fLDko46M+ApgN7ulGqbWQU53MgbAQh0ervLmM4A3WTrqN4w+n:9riB5sAdS8t08o4auHWeLw+AugFs1J
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral17
- Target
  
  CCleaner64.exe
- Size
  
  42.9MB
- MD5
  
  4ee9df4bef3571c74b1a4556e6afae6c
- SHA1
  
  4cd037edf6984b026f25572298e5c6345cbd7b0a
- SHA256
  
  c02731acaa708f929e4935da2338cda307afb4729c962722708e5a4e3b8aeb33
- SHA512
  
  a295f2d91639db79c496b31c3f03f175a9b1649d1f4c5342bdcb01c2e8871d3ef48938cfda72c57cc8724ad94d9284fb8f8e9135886e51d69f075b01a8d95085
- SSDEEP
  
  393216:OXA+q3dWyq9DcDD7laCZftAYU03aEi3I2sL1Zyx/tPE0ArqNdp1w+AJfRFhSp0D:OXVqN/9724u/BEiw+AJJFs1J
Score

6^/10

bootkit discovery persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Reads user/profile data of web browsers

Downloads MZ/PE file

Writes to the Master Boot Record (MBR)

Writes to the Master Boot Record (MBR)

Writes to the Master Boot Record (MBR)

Writes to the Master Boot Record (MBR)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18