General
-
Target
f881941f711f3d797027dede73b477345f361838d24bf08e558f11db0f58cd19
-
Size
2.3MB
-
Sample
240912-dxkajsyeqh
-
MD5
002ed11af9c78566710fdd1debd21644
-
SHA1
d9c44fc6c474dacb0ec735cfc0a789f5fd20f5a0
-
SHA256
f881941f711f3d797027dede73b477345f361838d24bf08e558f11db0f58cd19
-
SHA512
f0f8af4f96d3e72ea21a7203d1837aa50f1b39f5fb70c7e39bd6b18e3eb6ee7c2b193c2d323f30c8c37c58dfa79f364501cecae4b26454c1120332470eea412e
-
SSDEEP
49152:Ipgs8ABpNAcbBicSTgbDgtcBbWRzfYb/kL+agsNFCriQmew54a31Ft:IGs8AvNzXgtcpEfFFC2QVbaXt
Static task
static1
Behavioral task
behavioral1
Sample
f881941f711f3d797027dede73b477345f361838d24bf08e558f11db0f58cd19.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f881941f711f3d797027dede73b477345f361838d24bf08e558f11db0f58cd19.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
f881941f711f3d797027dede73b477345f361838d24bf08e558f11db0f58cd19
-
Size
2.3MB
-
MD5
002ed11af9c78566710fdd1debd21644
-
SHA1
d9c44fc6c474dacb0ec735cfc0a789f5fd20f5a0
-
SHA256
f881941f711f3d797027dede73b477345f361838d24bf08e558f11db0f58cd19
-
SHA512
f0f8af4f96d3e72ea21a7203d1837aa50f1b39f5fb70c7e39bd6b18e3eb6ee7c2b193c2d323f30c8c37c58dfa79f364501cecae4b26454c1120332470eea412e
-
SSDEEP
49152:Ipgs8ABpNAcbBicSTgbDgtcBbWRzfYb/kL+agsNFCriQmew54a31Ft:IGs8AvNzXgtcpEfFFC2QVbaXt
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Modifies Windows Firewall
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Netsh Helper DLL
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify System Firewall
1Modify Registry
1Virtualization/Sandbox Evasion
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3