dc074ad6fcb6a29b76b8da45c84ecb811c3ddcd662d93ec69f0929578c267383 | Triage

Resubmissions

10/10/2024, 16:18

241010-tr5x3avbrc 10

10/10/2024, 16:17

241010-trhsjavbnh 7

Sharing

General

Target

OperaSetup.bat
Size

2.1MB
Sample

241010-tr5x3avbrc
MD5

46252fe1a6423fbbd272b168d98c00ba
SHA1

fd4ede984fea0e0a15f1b03ec1ee7aa7393903cd
SHA256

dc074ad6fcb6a29b76b8da45c84ecb811c3ddcd662d93ec69f0929578c267383
SHA512

ac68428d96d606d87d83f22e31585d3944e83f7cf90a101d685867970d2a6a6df54e6f84daffafb04e7f38bfeb61001291178c30cbfe0ae926995b27045d9592
SSDEEP

49152:RVAbwC95j527tIqUxHzKHhDLsRikQUTsoUq8IcgXzNGLRg9x:3AM7tqxTKHnqsoUq8ajzx

Score

10^/10

discovery evasion persistence ransomware spyware stealer trojan

Malware Config

Targets

- Target
  
  OperaSetup.bat
- Size
  
  2.1MB
- MD5
  
  46252fe1a6423fbbd272b168d98c00ba
- SHA1
  
  fd4ede984fea0e0a15f1b03ec1ee7aa7393903cd
- SHA256
  
  dc074ad6fcb6a29b76b8da45c84ecb811c3ddcd662d93ec69f0929578c267383
- SHA512
  
  ac68428d96d606d87d83f22e31585d3944e83f7cf90a101d685867970d2a6a6df54e6f84daffafb04e7f38bfeb61001291178c30cbfe0ae926995b27045d9592
- SSDEEP
  
  49152:RVAbwC95j527tIqUxHzKHhDLsRikQUTsoUq8IcgXzNGLRg9x:3AM7tqxTKHnqsoUq8ajzx
Score

10^/10

discovery spyware stealer evasion persistence ransomware trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer

behavioral3

discoveryevasionpersistenceransomwarespywarestealertrojan

behavioral4

discoveryspywarestealer