Overview

overview

10

Static

static

10

DashBoardP...io.exe

windows10-2004-x64

8

DashBoardP...ser.js

windows10-2004-x64

3

DashBoardP...ser.js

windows10-2004-x64

3

DashBoardP...ser.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DashBoardPlus.rar

  • Size

    7.4MB

  • Sample

    241002-xe2lna1dmp

  • MD5

    9b4ae9344080b377cde1b27d9b0e72a0

  • SHA1

    a2b6d026bb39aa73ddc70a25d92e9a4260dd0b6c

  • SHA256

    1d8ac1e72524b489e0da557f50b1eb6a925a308c7be505d9bb4456a1846ea561

  • SHA512

    be9c0b21ef3e18d70f0a22cee38aa7f2280073bd88e3dbb5e4c31c55807a3e52a86e7d2de82f33bb60d9501abb9039def34afbd54f4be3a5cabe695238bacde6

  • SSDEEP

    98304:+uJhb4SHUkErxyRCKMAWItbxMJMG/fIxyTiwjB2+LgcfwyBkFtDL94GqTs6s10cr:fJxrqOS7IXMVDvjJfwZPvhnuZeuNbppk

Score
10/10
blankgrabbercollectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

Malware Config

Targets

    • Target

      DashBoardPlus/RoAudio.exe

    • Size

      7.5MB

    • MD5

      8bbbdf121a25dcd4646e3a4a9ac43132

    • SHA1

      a9eb2535f4b21603825f81dfcbbfb3c6eb8d85e5

    • SHA256

      c116443d201ee85e9572773ec5e1ebf75575c2d0b56611d3a4824696c6553c1d

    • SHA512

      0664d15ed04275ee4cd03380ef5fd8dc11d52f3677aea94ea1fadfd499a6d9b318e022b3745a2eda2c324bfc4b1968ccdcf227746817a34a21a9195098670f8b

    • SSDEEP

      196608:srqkYS6AXmOshoKMuIkhVastRL5Di3uh1D7Jl:sYS9mOshouIkPftRL54YRJl

    Score
    8/10
    collectioncredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

      collection

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

      defense_evasion

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

    • Target

      DashBoardPlus/dashboard/bot.user.js

    • Size

      53KB

    • MD5

      866c2e03b42456f6a4041f339b465b16

    • SHA1

      26fb194731066eb8d86649148a00cc76795d70b6

    • SHA256

      4074c910cc0d04bc72bd8cd81fddc31942b73231d4031b5030817112873ac0ee

    • SHA512

      426827101de561bc0426af98ff7e45234244c85c970ff9f8056a698740f0d10d3a45c5b90b1b6fa1b4db6e88caa96a51c4bb2145445eaf7fc029105f70bbd703

    • SSDEEP

      768:09RrSUGcrjYGZJ4AiftfgL5mizkM/65rk5U9FVoCYmdn9wOO009ZC2zAYnlr:0PYGXIjoCYWo

    Score
    3/10
    execution
    behavioral2

    • Target

      DashBoardPlus/dashboard/loader.user.js

    • Size

      3KB

    • MD5

      d687658ba59b330c91291dc943c5f1fd

    • SHA1

      0a9368620dbfb4e2001d947d2753452f0c5eb527

    • SHA256

      0b52d22f4301b3350b6bec16f6f343e855e207a2d1a6e47cf3701668b24813fe

    • SHA512

      4121008f62d8085b38794f37ac9c67f89dbaadb97cb3f40219afa0f9dfe0b25e90fc46938fbb32d83c731f4a7a9cd130d53a4b8adc3263453fc699069f2d3b03

    Score
    3/10
    execution
    behavioral3

    • Target

      DashBoardPlus/dashboard/massuploader.user.js

    • Size

      125KB

    • MD5

      f24c675fb28efd75b750e9801510e3a8

    • SHA1

      581ea9ca3f322b576779a91e5673af2db8fa51d1

    • SHA256

      65baffd1be9ed111a59708ed53865809cc3ae4140525763f46c8215c5cfcdf70

    • SHA512

      633c6023e58e59c3fe0ccb9b00a4d3ec05ca1438c18d2a576c256b55c9bbfba87623b126121770441eb9127d73ed6de6f701148971b64b857d85cf4ea5dd2ebe

    • SSDEEP

      1536:UVzMJ/mdDLLCdW7SaDnyjY+cX188+teaaZ8SrvH9Tg4aDPIBKeLOR:oE/27CdW7S+nyjdurvHu4aDuY

    Score
    3/10
    execution
    behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

2
T1059

JavaScript

1
T1059.007

PowerShell

1
T1059.001

Persistence

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Obfuscated Files or Information

1
T1027

Command Obfuscation

1
T1027.010

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Discovery

Browser Information Discovery

1
T1217

Process Discovery

1
T1057

System Information Discovery

3
T1082

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Clipboard Data

1
T1115

Data from Local System

2
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks