General
-
Target
BDSysLog_i.exe
-
Size
21.4MB
-
Sample
240918-swmrlsybpc
-
MD5
67be97f398c4dc80474cda170b8eea69
-
SHA1
57433f332234fad239a52d8b25b285845fd71560
-
SHA256
ec665b0f57c52bd4252a301ca4a8cfd4c4c12cebabce060d31ebf310d246203a
-
SHA512
33c8c74104679e44481389af1691b0e703a8142dcc517d5b9eb5847c5d59daf7b0bbbccb605851dfe4568b9f87e17d5f5d5ba26fcb84f1015a785d9eac2b0b08
-
SSDEEP
393216:oaV3CouR5exeuMzkJj53E+NFbVQZbV3UyEXnip0ozmiaPiFo7ffjxiyPM3rtixnr:tV3C7R9o5VFbVwbVoXip0U7RFo3nk3Jq
Static task
static1
Behavioral task
behavioral1
Sample
BDSysLog_i.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
BDSysLog_i.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
BDSysLog_i.exe
-
Size
21.4MB
-
MD5
67be97f398c4dc80474cda170b8eea69
-
SHA1
57433f332234fad239a52d8b25b285845fd71560
-
SHA256
ec665b0f57c52bd4252a301ca4a8cfd4c4c12cebabce060d31ebf310d246203a
-
SHA512
33c8c74104679e44481389af1691b0e703a8142dcc517d5b9eb5847c5d59daf7b0bbbccb605851dfe4568b9f87e17d5f5d5ba26fcb84f1015a785d9eac2b0b08
-
SSDEEP
393216:oaV3CouR5exeuMzkJj53E+NFbVQZbV3UyEXnip0ozmiaPiFo7ffjxiyPM3rtixnr:tV3C7R9o5VFbVwbVoXip0U7RFo3nk3Jq
-
Drops file in Drivers directory
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Remote Services: SMB/Windows Admin Shares
Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-
MITRE ATT&CK Matrix ATT&CK v13
Defense Evasion
Subvert Trust Controls
1Install Root Certificate
1Modify Registry
1Credential Access
Credentials from Password Stores
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1