0aa6bb21f06690f562ac443279bc02305c8c8852530f08ea768b0f43cbbaba96 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Bussin_Nap...af.exe

windows7-x64

Resubmissions

22/09/2024, 15:05

240922-sgathavhrm 9

07/08/2024, 21:06

240807-zx5gdaxfld 7

Sharing

General

Target

Bussin_Napture-portable.paf.exe
Size

25.1MB
Sample

240922-sgathavhrm
MD5

74e44a9a8c2bfcf3688d835c90a2bafb
SHA1

35060b8edf9259582498f11521e2ea79fbf6f18c
SHA256

0aa6bb21f06690f562ac443279bc02305c8c8852530f08ea768b0f43cbbaba96
SHA512

32659f78022315ddd818487845a9e01e0efeb2294b52ae38c4f86fcc5f1e7a8ea708f67814bb4ff6a29ab6ff35d9cdda8029a1e4b039e0b5d7b2e6d3e56afd71
SSDEEP

786432:MS+nHbV0ytOPtLxrvS7RIncLtlAlSdfDw3/3sGg8:MS+nH50yQS7RgcLtSywP8GD

Score

9^/10

credential_access discovery persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Bussin_Napture-portable.paf.exe

Resource

win7-20240903-en

credential_access discovery persistence stealer

windows7-x64

31 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Bussin_Napture-portable.paf.exe
- Size
  
  25.1MB
- MD5
  
  74e44a9a8c2bfcf3688d835c90a2bafb
- SHA1
  
  35060b8edf9259582498f11521e2ea79fbf6f18c
- SHA256
  
  0aa6bb21f06690f562ac443279bc02305c8c8852530f08ea768b0f43cbbaba96
- SHA512
  
  32659f78022315ddd818487845a9e01e0efeb2294b52ae38c4f86fcc5f1e7a8ea708f67814bb4ff6a29ab6ff35d9cdda8029a1e4b039e0b5d7b2e6d3e56afd71
- SSDEEP
  
  786432:MS+nHbV0ytOPtLxrvS7RIncLtlAlSdfDw3/3sGg8:MS+nH50yQS7RgcLtSywP8GD
Score

9^/10

credential_access discovery persistence stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Windows Credential Manager

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoverypersistencestealer

© 2018-2025

Terms | Privacy