General
Target: b76ef05bfcf202500618abfde5231c8081197699f922962497a24a0375f822be
Size: 22KB
Sample: 241017-bze3havepc
MD5: 39114d180214f6ba2fd440ee0aeca1f1
SHA1: 1d075a21bd720c85955b3638022b183d7953d431
SHA256: b76ef05bfcf202500618abfde5231c8081197699f922962497a24a0375f822be
SHA512: 136b77850cedad8d55b34d7674087e3735d6145ded616e8464d9d581157cd503dfaeb1a1ad40131500c983337a7ab5a117a35b3be1b81d00073d03243b472996
SSDEEP: 384:UIiV728hUQ7Y2P/cVEccDdye7kjlWLe7grPiA8jyrMPhTjanbBoZF0MKPaNJawco:URGuY2P0Vo6r7SiAwyrMRjbjKSnbcuyN
Behavioral tasks
behavioral1: Sample b76ef05bfcf202500618abfde5231c8081197699f922962497a24a0375f822be.exe; Resource win7-20240903-en
behavioral2: Sample b76ef05bfcf202500618abfde5231c8081197699f922962497a24a0375f822be.exe; Resource win10v2004-20241007-en
Malware Config
Extracted URL: https://content.dropboxapi.com/2/files/upload
This is the Dropbox API v2 file-upload endpoint, so the sample uses a Dropbox account as its upload (likely exfiltration) channel. The host itself is a legitimate, widely used service, so treat the URL as something to hunt on per process (which binary is calling it) rather than as a domain to block outright.
Targets
Target: b76ef05bfcf202500618abfde5231c8081197699f922962497a24a0375f822be
- Blocklisted process makes network request
- Modifies Windows Firewall
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Clipboard Data: adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Password Policy Discovery: attempt to access detailed information about the password policy used within an enterprise network.
MITRE ATT&CK Enterprise v15
Persistence
- Create or Modify System Process: Windows Service (T1543.003) (1)
- Event Triggered Execution: Netsh Helper DLL (T1546.007) (1)
Privilege Escalation
- Create or Modify System Process: Windows Service (T1543.003) (1)
- Event Triggered Execution: Netsh Helper DLL (T1546.007) (1)
Credential Access
- Credentials from Password Stores: Credentials from Web Browsers (T1555.003) (1)
- Unsecured Credentials: Credentials In Files (T1552.001) (1)
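The behaviours flagged above (firewall modification, the registry location check, the Dropbox upload endpoint from the extracted config, and the Netsh Helper DLL technique from the ATT&CK mapping) are the kind of thing an analyst turns into hunt logic. The script below is an added example, not part of the sandbox report and not the sample's own code: it replays those behaviours over a constructed event trace. The event schema, the KNOWN_DROPBOX_CLIENTS allowlist, the mapping of "Checks computer location settings" to the HKCU\Control Panel\International\Geo\Nation value, the netsh command-line shapes and the upd.exe path are all assumptions; the report gives the behaviours, not the exact commands or keys.

```python
# Added example (not part of the sandbox report): replay the report's
# behaviours as hunt rules over a constructed, simplified event trace.
# The event format is hypothetical; it is not Triage's or Sysmon's schema.
import re
from dataclasses import dataclass

# From the report's extracted config: the upload endpoint the sample contacts.
DROPBOX_HOST = "content.dropboxapi.com"
DROPBOX_UPLOAD_PATH = "/2/files/upload"

# Assumption: binaries that are expected to talk to the Dropbox API.
KNOWN_DROPBOX_CLIENTS = {"dropbox.exe", "dropboxupdate.exe"}

# Assumption: "Checks computer location settings" corresponds to reading the
# GeoID stored under HKCU\Control Panel\International\Geo\Nation.
GEO_NATION_RE = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)

# Assumption: firewall changes and netsh helper persistence show up as netsh
# command lines (the report names the behaviour, not the exact command).
FIREWALL_RE = re.compile(r"\bnetsh(?:\.exe)?\b.*\badvfirewall\b", re.I)
NETSH_HELPER_RE = re.compile(r"\bnetsh(?:\.exe)?\b.*\badd\s+helper\b", re.I)


@dataclass(frozen=True)
class Finding:
    rule: str
    process: str
    detail: str


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerant of forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyze(events):
    """Return one Finding per event that matches a behaviour from the report."""
    findings = []
    for ev in events:
        kind = ev["type"]
        proc = _basename(ev.get("image", ""))
        if kind == "process":
            cmd = ev.get("cmdline", "")
            if NETSH_HELPER_RE.search(cmd):
                findings.append(Finding("Netsh Helper DLL persistence", proc, cmd))
            elif FIREWALL_RE.search(cmd):
                findings.append(Finding("Modifies Windows Firewall", proc, cmd))
        elif kind == "network":
            host = ev.get("host", "").lower()
            # The host is legitimate: only fire for processes that should not use it.
            if host == DROPBOX_HOST and proc not in KNOWN_DROPBOX_CLIENTS:
                detail = f"{host}{ev.get('path', '')}"
                if ev.get("path") == DROPBOX_UPLOAD_PATH:
                    detail += " (file upload endpoint: likely exfiltration)"
                findings.append(Finding("Unexpected process contacts Dropbox API", proc, detail))
        elif kind == "registry_read":
            if GEO_NATION_RE.search(ev.get("key", "")):
                findings.append(Finding("Checks computer location settings", proc, ev["key"]))
    return findings


# Constructed trace (not real telemetry from this sample), including two
# benign events that the rules must leave alone.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="upd" dir=in action=allow program="C:\\Users\\Public\\upd.exe"'},
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh interface ip show config"},  # benign netsh use, must not fire
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": r"netsh add helper C:\Users\Public\helper.dll"},
    {"type": "registry_read", "image": r"C:\Users\Public\upd.exe",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "network", "image": r"C:\Users\Public\upd.exe",
     "host": "content.dropboxapi.com", "path": "/2/files/upload"},
    {"type": "network", "image": r"C:\Program Files (x86)\Dropbox\Client\Dropbox.exe",
     "host": "content.dropboxapi.com", "path": "/2/files/upload"},  # allowlisted client
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.process}: {f.detail}")
```

The allowlist is the important design choice: because content.dropboxapi.com is legitimate traffic on most networks, the rule keys on the calling process rather than the destination, which is the same reason the extracted URL is better used as a hunt pivot than as a block entry.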