General

  • Target

    4c677c7d3a02655e81fc7ccf15fdbecf.bin

  • Size

    7.4MB

  • Sample

    240904-hwzq3awdkj

  • MD5

    695db64038d903e8dab5132e3e67245f

  • SHA1

    1fe5cc3f75fac788c0ef67ed81996be2e4a2550d

  • SHA256

    296cbbecf587541adbecd85570af5f33b82ffcb06768b82b1f1a9373a7ef2314

  • SHA512

    aca328ef52af61686b63cb2221d1c03df0f89c7c53d6462047214d9eb4730507af33bbed3876622bcae8a52330bc2738b840a5b364cffba2ea201c75f3336760

  • SSDEEP

    196608:X3iTNDttL7qyCG2fW/nftFYvZokdJeuP6pC5+v+fRE:X3iRDjLmbW/ftFYi4euP8+fRE

Malware Config

Targets

    • Target

      0cd4b20e2639322165af34b72136b22d7f83d7f8659ca1540f776148355e553c.exe

    • Size

      7.5MB

    • MD5

      4c677c7d3a02655e81fc7ccf15fdbecf

    • SHA1

      cd2708551bd4ffbe04a088ffbb48e3d664f92f03

    • SHA256

      0cd4b20e2639322165af34b72136b22d7f83d7f8659ca1540f776148355e553c

    • SHA512

      a4153e45129de509e826fda491beceffbc7c4e5c04297d562032a41cb0ae8bc3d156e5ecbe91a398fa0e872be60a397fa8f4957e84bd0090b2bdb72a0e26ce79

    • SSDEEP

      196608:IQ/y1cL+woey/ZEE3biEhRsx5HyZdCRmr45ur:IQ/y1cL+Xv3bRhRsx5SZUA45ur

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks