General

  • Target

    0214713ef04746d890da32014bf9f18956b94ff066229622039eb7a99af431d6N

  • Size

    1.3MB

  • Sample

    241027-w16basxrdr

  • MD5

    84b07b994a0a4d70755a474205c878e0

  • SHA1

    086557438738b320c33b60907ba423fdcc160eeb

  • SHA256

    0214713ef04746d890da32014bf9f18956b94ff066229622039eb7a99af431d6

  • SHA512

    0fd251edb45303ece2921e8046c2ebf9403a893c9b08158a8308ec00db82494580900faa5c3e6b82eb87290939c9641937c7c99e33543bc266a8c40f045ab14b

  • SSDEEP

    24576:/Np+pIL73V/z9ABBEqOpYgzJ/jptDfTFdFHOJ3+WPGwil8rbO2PfnNoJH:BV/zSBEzpYgzBdtDxG+WC8/BfNG

Malware Config

Targets

    • Target

      0214713ef04746d890da32014bf9f18956b94ff066229622039eb7a99af431d6N

    • Size

      1.3MB

    • MD5

      84b07b994a0a4d70755a474205c878e0

    • SHA1

      086557438738b320c33b60907ba423fdcc160eeb

    • SHA256

      0214713ef04746d890da32014bf9f18956b94ff066229622039eb7a99af431d6

    • SHA512

      0fd251edb45303ece2921e8046c2ebf9403a893c9b08158a8308ec00db82494580900faa5c3e6b82eb87290939c9641937c7c99e33543bc266a8c40f045ab14b

    • SSDEEP

      24576:/Np+pIL73V/z9ABBEqOpYgzJ/jptDfTFdFHOJ3+WPGwil8rbO2PfnNoJH:BV/zSBEzpYgzBdtDxG+WC8/BfNG

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      $APPDATA/Rapidbrowser/Rapidbrowser-Installer.exe

    • Size

      1.2MB

    • MD5

      39af6a5259e51df165f8f665a4ab68cc

    • SHA1

      9dad02be8bc3c0f3ca0731959978263752b45bf4

    • SHA256

      a22942f082445ca0b894fa46954c7e12a60636b6fc76ba549d547efa80c18018

    • SHA512

      bbb2e6efa1b812dda6cf6ecea001f7b83e05f556951beeb26b603036bf167801cd7921aeabc4b66a194128a7d2b9f630939b6178c907b2768402af5f2d22fded

    • SSDEEP

      24576:AZd7zVFj9kBPEqO7YOpZ/VptDhTFpDHOP3umPGwA1wrVs+PVTNc:oVFj8PEz7YOpxbtDDQumcwxZV5c

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      bootstrap.js

    • Size

      12KB

    • MD5

      edeeb3f4b254ccf86a7e0c9f85133384

    • SHA1

      4d60f46f9064028297af9ea5d13b77024281cbcb

    • SHA256

      747eb3be7184769237cdecbd8d6c03dcc2876cd4ba2a3df69650608ba3b0cc8e

    • SHA512

      d0f501e1841425450c05ff3b5beae22d09637f2b5ecad2be6b2019b639961a5d9e9af13804d07307b9588587ee2b6876f7fa5010f05082c510dccc25544ebdea

    • SSDEEP

      192:Ac5TD1rwMCPn3bIWYXqoTnjtqFmvYX9pzGfPID4aXvHJaNUyVMhPThd:9hJrwrLYausmgQC5byaPThd

    Score
    3/10
    • Target

      resources/smootherweb/data/content.js

    • Size

      3KB

    • MD5

      2c7d8a0f57ad60fdf0708e8a4cdbdc1e

    • SHA1

      5d2d540f6bf641cdb2928e05c56e28b35ea0be30

    • SHA256

      2bda833af2d01da7091ab3693916d6d2367d81750560b8e84e680811f25c2bfe

    • SHA512

      af2ad720e9894f6b52cca67f24d2b57cab804ff85a14c500911bbb41cf15a0e612a5c36e93acdf523de4decc0243bb6b325ff0c19be21b80752ed98f36cde0fa

    Score
    3/10
    • Target

      resources/smootherweb/lib/ajax.js

    • Size

      1KB

    • MD5

      228edff56bdc5f553bf40a200a48c362

    • SHA1

      f974ec6411ff18c78d2f26f73ad716357f824911

    • SHA256

      dc247f9abdbc8b2fa631e5ddf071153d405784873c4e269a03622140f6e2a5d0

    • SHA512

      5fd52665bfd98d7f994bf88fc79074528d1b1610304ac182c6bd6cd892600be15e9b5fdda81fd0654675b7f89ea09332377712df12ab2e6f868f5f5519a592c4

    Score
    3/10
    • Target

      resources/smootherweb/lib/main.js

    • Size

      23KB

    • MD5

      cca2bee4ac45386ef9851251cad58b00

    • SHA1

      92be96d4a979ffec71ab13ac337560553c02334f

    • SHA256

      2629e4922021c9de86ce5ac5253c4914e17c487baaa52b67a776aa79e2fa95e4

    • SHA512

      d5cefa1b1a49a29aaa3f7404263dbf80bc45843664bde8941ab24d0b9f9f6bdf1fec302722e3316b16f111e6abbffd14c511527c4e14b92a71afb1b1f89cbc01

    • SSDEEP

      384:2uqeo+CZCRcrcKscjCtLM9lut5H6gdl62Weut5Hjgzl6cPMqD+Gf2G/2Ec5MJqid:OsftLMqt9ldl626t9Ezl6uMSc5VFno5

    Score
    3/10
    • Target

      resources/smootherweb/lib/main.js-backup

    • Size

      22KB

    • MD5

      5f77a154599b4de40619a90c41d5f67b

    • SHA1

      b24c0bf8c6f0ec5ac909cf7c7cd4ce1248a1f777

    • SHA256

      8b05dd23cfcf522e535972389b63ad23dc9c636ed4be1daee68cbbbabc2525c7

    • SHA512

      747ab22b3308954b6329c0193dede188a64ec874b2eae0f90635498f00d8d7d54567ea49d4837cdd90edc7dd9df707b1f05cdbc72426f383f8d5adf535f28fef

    • SSDEEP

      384:8mXasaHwVQVp/z12sh2s7nlnR2ZQmzdZwiec/8ZgXSn1zdZwieF/jZgXo3nyax4W:SjREZnulK8yXSLulFjyXmniq6T2h

    Score
    3/10
    • Target

      resources/smootherweb/lib/main.js-backup last

    • Size

      22KB

    • MD5

      90041b6c83b10c2d98f815d3bf41afaa

    • SHA1

      972191d86a84de508f38298cf2f54b038f9290cc

    • SHA256

      f4153bcfb6a60930d6477df3fa171a5da40f72ee5b1acd9cab3b9971105e9c42

    • SHA512

      99bfe906b51135fe19170ff573ff9eedb5dda0fcf36872c885da040f728eadcb633c5eef4510ffe63486c704d22adc712caa28b3e8d830ad982886bbc91a6a13

    • SSDEEP

      384:C/ceo+CZCRcrcKscjCtLM9lut5H6gdl62Weut5Hjgzl6KP4qD+Gf2G/2Ec5mJOid:dsftLMqt9ldl626t9Ezl6A4Sc5BFno5

    Score
    3/10
    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      8614c450637267afacad1645e23ba24a

    • SHA1

      e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

    • SHA256

      0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

    • SHA512

      af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

    Score
    3/10
    • Target

      $PLUGINSDIR/KillProcDLL.dll

    • Size

      4KB

    • MD5

      99f345cf51b6c3c317d20a81acb11012

    • SHA1

      b3d0355f527c536ea14a8ff51741c8739d66f727

    • SHA256

      c2689ba1f66066afce85ca6457ecd36370be0fe351c58422e45efd0948655c93

    • SHA512

      937aa75be84a74f2be3b54dc80fac02c17dad1915d924ef82ab354d2a49bc773ee6d801203c52686113783a7c7ea0e8ed8e673ba696d6d3212f7006e291ed2ef

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      cf85183b87314359488b850f9e97a698

    • SHA1

      6b6c790037eec7ebea4d05590359cb4473f19aea

    • SHA256

      3b6a5cb2a3c091814fce297c04fb677f72732fb21615102c62a195fdc2e7dfac

    • SHA512

      fe484b3fc89aeed3a6b71b90b90ea11a787697e56be3077154b6ddc2646850f6c38589ed422ff792e391638a80a778d33f22e891e76b5d65896c6fb4696a2c3b

    • SSDEEP

      96:3IsUxO9udx4qYp7AJb76BykUbQMtHUOA5Iv+RnsrqeXV+d1g2IW9t2c+cEwF9oug:YVL7ikJb76BQUoUm+RnyXVYO2RvHoug

    Score
    3/10
    • Target

      $PLUGINSDIR/ZipDLL.dll

    • Size

      163KB

    • MD5

      2dc35ddcabcb2b24919b9afae4ec3091

    • SHA1

      9eeed33c3abc656353a7ebd1c66af38cccadd939

    • SHA256

      6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1

    • SHA512

      0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901

    • SSDEEP

      3072:8CkSJJ30k1pn2T4ISnUGN+E8KnCOxA17jxLmRtWHyPDQFllOdJiSg:tkSJy+c30UxbKnA1hLKWSVdk

    Score
    3/10
    • Target

      $PLUGINSDIR/inetc.dll

    • Size

      20KB

    • MD5

      c498ae64b4971132bba676873978de1e

    • SHA1

      92e4009cd776b6c8616d8bffade7668ef3cb3c27

    • SHA256

      5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8

    • SHA512

      8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7

    • SSDEEP

      384:EVJOXQZkjhm+Np3aWgzxljzbbEUhU7ya4LtU0Ac9khYLMkIX0+GBty3S:EeXQcm+NpqWgzxljzfEUhUua4LtG

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      72ef340bc58f53d1a196581dcfb80f55

    • SHA1

      f4167ebd1adbb34e7b45a0d013885575c1bdf4fd

    • SHA256

      4f69550bba4583ae5f4df10d3b2980b3d164eac21d45dba3496f9ed98a675f7c

    • SHA512

      87919a3768a143dd80fb73c879342cc3ebf8935983af5bb499701559216048f5a0835a0f34c3f0e54f827ff1265b8bd2e369398b901c89303f92ffe6e8cc8d7e

    • SSDEEP

      96:3jp41CMj95rKhkfL5RkEdKkcxM2DjDf3GE/E9v5E9av+Yx4FndY7ndS27gA:3jujesS4HRE/K5MYxcdqn420

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      b2639b996a3d69541c78642772283e9f

    • SHA1

      e8a0c678708b8b625234a3ac502e37940ad2992f

    • SHA256

      79aa4f0daf303b02bfcf0306e690378e050003e42c7c9d3e1bd5ad62fb2f3a21

    • SHA512

      fabd2f9dd6ff8887cde99c9ccb7c755722daed0e6d7d332e1811b7a4a0f10daaad3ab750fb90838fdcc8049bda49f0cb84283e007c48e54b117b4de41c321815

    • SSDEEP

      96:57GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgN838:Vygp3FcHi0xhYMR8dMqJVgN

    Score
    3/10
    • Target

      Rapidbrowser.dll

    • Size

      628KB

    • MD5

      9cf9260438f7b3c4ba75c44df756dbb8

    • SHA1

      057dacfa804729532059cf86a85eb96e168d53e5

    • SHA256

      7b47343d11a3e4fecef3d1f7a29ec6ac2b47372d73a2083663269eba185334ca

    • SHA512

      38d0ec13247506d89fa9f5e693f057122e49cd2ef268e688a7849055ff0be5d1d0ac459127f6a66024d67260d08d132970ca7b5aef0c92a0e8c6639706863393

    • SSDEEP

      12288:h7rt1PH38HzmKuWPHJnam5G4iYYUvLGHTwjKFEkjj/r/qv:h3HPH3uzRNHJN5XiYBwEuTC

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

adware, discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral2

adware, discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral3

adware, discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral4

adware, discovery, persistence, privilege_escalation, spyware, stealer
Score
7/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

discovery
Score
3/10

behavioral22

discovery
Score
3/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

adware, discovery, stealer, upx
Score
6/10

behavioral32

adware, discovery, stealer, upx
Score
6/10