Overview

overview

10

Static

static

3

867a698567...1d.exe

windows7-x64

10

867a698567...1d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    867a698567e61aea24aeff1767619b9494a5dfcf8fd63c7282c29c42c8dfac1d

  • Size

    3.3MB

  • Sample

    241108-bg88masamd

  • MD5

    fc8c310f416f252bd419dc55cc08e7a9

  • SHA1

    37c58bd11af4de0b0c2aa744b142cc38660bfd4f

  • SHA256

    867a698567e61aea24aeff1767619b9494a5dfcf8fd63c7282c29c42c8dfac1d

  • SHA512

    bb45a141c53f9917473a691ae3889fe7ce06d96682ff33eced5d20b1e8972fde75cbb26ea9e4ca799211c0cd2b5e8a3a9977a200796a5c285d0fcb0d71e5491c

  • SSDEEP

    98304:AXz+HqdYDMjxN3b8/rfb6ray6lwhKW8NArojH:oKHqCm8/n6WWhKdA8j

Score
10/10
banloadcredential_accessdiscoverydownloaderdropperpersistenceransomwarespywarestealertrojan

Malware Config

Targets

    • Target

      867a698567e61aea24aeff1767619b9494a5dfcf8fd63c7282c29c42c8dfac1d

    • Size

      3.3MB

    • MD5

      fc8c310f416f252bd419dc55cc08e7a9

    • SHA1

      37c58bd11af4de0b0c2aa744b142cc38660bfd4f

    • SHA256

      867a698567e61aea24aeff1767619b9494a5dfcf8fd63c7282c29c42c8dfac1d

    • SHA512

      bb45a141c53f9917473a691ae3889fe7ce06d96682ff33eced5d20b1e8972fde75cbb26ea9e4ca799211c0cd2b5e8a3a9977a200796a5c285d0fcb0d71e5491c

    • SSDEEP

      98304:AXz+HqdYDMjxN3b8/rfb6ray6lwhKW8NArojH:oKHqCm8/n6WWhKdA8j

    Score
    10/10
    banloadcredential_accessdiscoverydownloaderdropperpersistenceransomwarespywarestealertrojan

    • Banload

      Banload variants download malicious files, then install and execute the files.

      trojandropperdownloaderbanload

    • Banload family

      banload

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks