General

  • Target: Downloads.zip
  • Size: 109KB
  • Sample: 240824-whq4natgpp
  • MD5: 0ad80fb187c66cc654335155c4ed0172
  • SHA1: c91dba5a5493a091f5b532023e87f6ba63789351
  • SHA256: d7477652d77ff2b1f2197a092401adad10ac22e4325ecfa488f64b2f06affa52
  • SHA512: c901eea53772c8efaecebdf97ff69a1f09838a908fa23196a7d7f8feff3ac8b53ee9c1478f9cf706b412eff2f8a3ae4ba5d435c7616152418bfb70f674311c61
  • SSDEEP: 3072:kb+l9G91POxiykJ1NktvU5NLcc9EMGgUkBW8snW5DTty:zbGCs1NkuLf9ENQXJDQ

Malware Config

Targets

    • Target: Downloads.zip
    • Size: 109KB
    • MD5: 0ad80fb187c66cc654335155c4ed0172
    • SHA1: c91dba5a5493a091f5b532023e87f6ba63789351
    • SHA256: d7477652d77ff2b1f2197a092401adad10ac22e4325ecfa488f64b2f06affa52
    • SHA512: c901eea53772c8efaecebdf97ff69a1f09838a908fa23196a7d7f8feff3ac8b53ee9c1478f9cf706b412eff2f8a3ae4ba5d435c7616152418bfb70f674311c61
    • SSDEEP: 3072:kb+l9G91POxiykJ1NktvU5NLcc9EMGgUkBW8snW5DTty:zbGCs1NkuLf9ENQXJDQ

    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

    • Target: downloader.exe
    • Size: 203KB
    • MD5: 6922e66413b832878ac33061032d610f
    • SHA1: 0ec966e045149267007cd840798e7b0e0a077786
    • SHA256: c014b10df32d537cb505efaa593bee22bcb2cd63b1bcd12a7ab44c958031846f
    • SHA512: 2c1ccde7c9bd793f40c3a0c6fc94aa8b8de222ed6eca52ca7249fad79d994200bd48bb1874579984ea74eb2e52d0b7fa7636b6f93fe18a17e76842e84807280f
    • SSDEEP: 3072:XWF1Sss2XaOvu+v7QC2mCAbtoJOBW0rArwrkut57cIrDjy6HyaPKbY64IrHxzMxz:XWF0+XaOvuyycWNrwrk6yabJIrRzM

    Score: 3/10

    • Target: ydx.bat
    • Size: 119B
    • MD5: 3f485fcc624c5b40a45de5bbcd43bb91
    • SHA1: 9f1b5d9e5bc3256a5119707bc6ca74610768f0d6
    • SHA256: 7e59752afebbbc114edecb25410cc125c3ae3fa112b1b910d115c381b2a0b3ae
    • SHA512: c26484162f05728e065586d732d529db6f73291ad74b754c8352f78973afed2ba7eeebb506aa54f1cdd3208f16f5abc142f917b8d4acc2f11c00a7bd41bdc414

    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks