Overview

overview

8

Static

static

3

GoogleChro...af.exe

windows7-x64

4

GoogleChro...af.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    GoogleChromePortable_129.0.6668.101_online.paf.exe

  • Size

    1.4MB

  • Sample

    241012-zn8sfa1bkh

  • MD5

    744243c3c63686c5c7048a7b1bdb79e5

  • SHA1

    4edb4fcd4508f5d5e19a0587a33d53d848db0636

  • SHA256

    a8a116a7661e1514490e65a15b5b2a37e1727066078e2e839f120a8ec2d5e054

  • SHA512

    136270f142262597e0439b3f1f013204e788aeecd0313828cc75844b5432d4f20d2198693aa8abf5c8234752262bbca3aed83a298bb3531054e29a5be437842e

  • SSDEEP

    24576:L+px9DhhIqb0MtWkUoZ3T+nznQrO2A0dJGLKq1kZWuwfaVjeja8hedCRPUWtNNH0:6x9MM4kUo5T+n2S06NWZWuwflaXdOPNu

Score
8/10
discoveryspywarestealerupx

Malware Config

Targets

    • Target

      GoogleChromePortable_129.0.6668.101_online.paf.exe

    • Size

      1.4MB

    • MD5

      744243c3c63686c5c7048a7b1bdb79e5

    • SHA1

      4edb4fcd4508f5d5e19a0587a33d53d848db0636

    • SHA256

      a8a116a7661e1514490e65a15b5b2a37e1727066078e2e839f120a8ec2d5e054

    • SHA512

      136270f142262597e0439b3f1f013204e788aeecd0313828cc75844b5432d4f20d2198693aa8abf5c8234752262bbca3aed83a298bb3531054e29a5be437842e

    • SSDEEP

      24576:L+px9DhhIqb0MtWkUoZ3T+nznQrO2A0dJGLKq1kZWuwfaVjeja8hedCRPUWtNNH0:6x9MM4kUo5T+n2S06NWZWuwflaXdOPNu

    Score
    7/10
    discoveryspywarestealerupx

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      192639861e3dc2dc5c08bb8f8c7260d5

    • SHA1

      58d30e460609e22fa0098bc27d928b689ef9af78

    • SHA256

      23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

    • SHA512

      6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

    • SSDEEP

      192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      b7d61f3f56abf7b7ff0d4e7da3ad783d

    • SHA1

      15ab5219c0e77fd9652bc62ff390b8e6846c8e3e

    • SHA256

      89a82c4849c21dfe765052681e1fad02d2d7b13c8b5075880c52423dca72a912

    • SHA512

      6467c0de680fadb8078bdaa0d560d2b228f5a22d4d8358a1c7d564c6ebceface5d377b870eaf8985fbee727001da569867554154d568e3b37f674096bbafafb8

    • SSDEEP

      96:ooEv02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YMNqkzfFc:ooEvCu5e81785qHFcU0PuAw0uyyIFc

    Score
    8/10
    discoveryspywarestealerupx

    • Downloads MZ/PE file

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks