General

  • Target

    b76ef05bfcf202500618abfde5231c8081197699f922962497a24a0375f822be

  • Size

    22KB

  • Sample

    241017-bze3havepc

  • MD5

    39114d180214f6ba2fd440ee0aeca1f1

  • SHA1

    1d075a21bd720c85955b3638022b183d7953d431

  • SHA256

    b76ef05bfcf202500618abfde5231c8081197699f922962497a24a0375f822be

  • SHA512

    136b77850cedad8d55b34d7674087e3735d6145ded616e8464d9d581157cd503dfaeb1a1ad40131500c983337a7ab5a117a35b3be1b81d00073d03243b472996

  • SSDEEP

    384:UIiV728hUQ7Y2P/cVEccDdye7kjlWLe7grPiA8jyrMPhTjanbBoZF0MKPaNJawco:URGuY2P0Vo6r7SiAwyrMRjbjKSnbcuyN

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    https://content.dropboxapi.com/2/files/upload

    Note: content.dropboxapi.com/2/files/upload is the Dropbox HTTP API v2 file-upload endpoint, i.e. a destination the script writes to rather than a payload download. The host is shared with legitimate Dropbox clients, so key detections on the requesting process (a script interpreter) and the upload itself rather than on the hostname alone.

Targets

    • Target

      b76ef05bfcf202500618abfde5231c8081197699f922962497a24a0375f822be

    • Blocklisted process makes network request

      A process on the sandbox's blocklist of commonly abused binaries made an outbound network request.

    • Modifies Windows Firewall

      Adds or changes Windows Firewall rules (Impair Defenses: Disable or Modify System Firewall, T1562.004).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence (System Location Discovery, T1614).

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications (T1115).

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials (Credentials from Web Browsers, T1555.003).

    • Command and Scripting Interpreter: PowerShell

      Runs commands through powershell.exe (T1059.001).

    • Network Service Discovery

      Attempts to gather information about services reachable on the host's network (T1046).

    • Password Policy Discovery

      Attempts to read the password policy enforced on the enterprise network (T1201).

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer (Obfuscated Files or Information: Software Packing, T1027.002). Static indicators taken from the packed file describe the packer stub, not the payload; unpack before static analysis.
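The signatures above and the extracted Dropbox upload URL describe behaviour that a defender would want to match in host telemetry. The following Python matcher is an added example and not part of this report or of the sandbox's own signature engine: it runs rules for each behavioural signature over constructed events shaped like Sysmon process-create (EventID 1) and network-connect (EventID 3) records and PowerShell Script Block Logging (EventID 4104) records, and adds a static check for the UPX markers. The sample events, file paths, regexes and the ATT&CK technique mapping are my assumptions; only the Dropbox host comes from the extracted config.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Assumed paths for the constructed events (typical Windows locations).
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DROPPER = r"C:\Users\user\AppData\Local\Temp\dropper.exe"

# Host from the extracted config above: the Dropbox API upload endpoint.
CLOUD_UPLOAD_HOSTS = {"content.dropboxapi.com"}

# Constructed, illustrative events (not telemetry from this sample), flattened
# from Sysmon EventID 1/3 and PowerShell EventID 4104 records into dicts.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": PS_EXE, "ParentImage": DROPPER,
     "CommandLine": r"powershell.exe -nop -w hidden -ep bypass -File C:\Users\user\AppData\Local\Temp\stage.ps1"},
    {"EventID": 4104, "ScriptBlockText": r"(Get-ItemProperty 'HKCU:\Control Panel\International\Geo').Nation"},
    {"EventID": 4104, "ScriptBlockText": "$clip = Get-Clipboard -Raw"},
    {"EventID": 4104, "ScriptBlockText": r'Copy-Item "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Login Data" $tmp'},
    {"EventID": 4104, "ScriptBlockText": "foreach ($p in 22,80,445,3389) { (New-Object System.Net.Sockets.TcpClient).Connect('10.0.0.5', $p) }"},
    {"EventID": 1, "Image": r"C:\Windows\System32\net.exe", "ParentImage": PS_EXE, "CommandLine": "net accounts /domain"},
    {"EventID": 1, "Image": r"C:\Windows\System32\netsh.exe", "ParentImage": PS_EXE,
     "CommandLine": 'netsh advfirewall firewall add rule name="Updater" dir=in action=allow program="' + DROPPER + '"'},
    {"EventID": 3, "Image": PS_EXE, "DestinationHostname": "content.dropboxapi.com", "DestinationPort": 443},
]


@dataclass(frozen=True)
class Rule:
    name: str                  # signature name as it appears in the report
    technique: Optional[str]   # MITRE ATT&CK Enterprise technique ID (my mapping)
    match: Callable[[dict], bool]


def _image(e: dict) -> str:
    return e.get("Image", "").lower()


def _text(e: dict) -> str:
    # Command line and script block text are searched together so one regex
    # covers both process-create and script-block events.
    return e.get("CommandLine", "") + " " + e.get("ScriptBlockText", "")


def _has(pattern: str, e: dict) -> bool:
    return re.search(pattern, _text(e), re.I) is not None


RULES = [
    Rule("Command and Scripting Interpreter: PowerShell", "T1059.001",
         lambda e: e.get("EventID") == 1 and _image(e).endswith("powershell.exe")),
    Rule("Blocklisted process makes network request", None,
         lambda e: e.get("EventID") == 3 and _image(e).endswith(("powershell.exe", "mshta.exe", "wscript.exe"))),
    Rule("Exfiltration to cloud storage", "T1567.002",
         lambda e: e.get("EventID") == 3 and e.get("DestinationHostname", "").lower() in CLOUD_UPLOAD_HOSTS),
    Rule("Modifies Windows Firewall", "T1562.004",
         lambda e: _image(e).endswith("\\netsh.exe") and _has(r"\b(adv)?firewall\b", e)),
    Rule("Checks computer location settings", "T1614",
         lambda e: _has(r"Control Panel\\International\\Geo", e)),
    Rule("Clipboard Data", "T1115",
         lambda e: _has(r"\bGet-Clipboard\b|Windows\.Forms\.Clipboard", e)),
    Rule("Reads user/profile data of web browsers", "T1555.003",
         lambda e: _has(r"\\User Data\\.*\\(Login Data|Web Data|Cookies)\b", e)),
    Rule("Network Service Discovery", "T1046",
         lambda e: _has(r"Sockets\.TcpClient|Test-NetConnection", e)),
    Rule("Password Policy Discovery", "T1201",
         lambda e: _image(e).endswith("\\net.exe") and _has(r"\baccounts\b", e)),
]


def match_event(event: dict) -> list:
    """Return the rules that fire on a single event."""
    return [r for r in RULES if r.match(event)]


def triage(events) -> dict:
    """Map each signature that fired at least once to its ATT&CK technique."""
    hits = {}
    for e in events:
        for r in match_event(e):
            hits[r.name] = r.technique
    return hits


def exfil_hosts(events) -> set:
    """Cloud-storage upload hosts contacted in the event stream."""
    return {e["DestinationHostname"] for e in events
            if e.get("EventID") == 3 and e.get("DestinationHostname", "").lower() in CLOUD_UPLOAD_HOSTS}


UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def looks_upx_packed(data: bytes) -> bool:
    """Static check: stock UPX leaves its section names and the 'UPX!' header
    marker in the file. A modified UPX may strip them, so absence proves nothing."""
    return any(m in data for m in UPX_MARKERS)


if __name__ == "__main__":
    for name, tid in triage(SAMPLE_EVENTS).items():
        print(f"{tid or '-':10} {name}")
    print("exfil hosts:", sorted(exfil_hosts(SAMPLE_EVENTS)))
```

The firewall and password-policy rules key on the child process image as well as its arguments, because the same strings appear in benign administrative scripts; in production, join on ParentImage (here powershell.exe spawned from a Temp-directory executable) before alerting.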

The signatures above are categorised against MITRE ATT&CK Enterprise v15.