Overview

overview

8

Static

static

3

PBCCRCPass...ge.exe

windows7-x64

8

PBCCRCPass...ge.exe

windows10-2004-x64

8

PBCCRCPassGuardX.exe

windows7-x64

3

PBCCRCPassGuardX.exe

windows10-2004-x64

3

PBCCRCPass...ut.exe

windows7-x64

5

PBCCRCPass...ut.exe

windows10-2004-x64

5

PBCCRCPass...ce.exe

windows7-x64

5

PBCCRCPass...ce.exe

windows10-2004-x64

5

Resubmissions

12-11-2024 19:49

241112-yjspzssrcq 8

30-04-2024 18:17

240430-ww4lxacg3v 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PBCCRCPassGuardEdge.exe

  • Size

    2.7MB

  • Sample

    241112-yjspzssrcq

  • MD5

    c0568331b9984599f57d7bbe11e17cd9

  • SHA1

    4860334bc492832586a10f28aaa4c1e9c59ed847

  • SHA256

    57a1929e2863a92d4e1dfdc5c0f34edfd28e7b7a8995a5afb5da3653d1ca4856

  • SHA512

    cb58825cef114ca73eac6bbf5995077c5b34a627a36b5557c1be591aec5312b2ce1708b01cfe7db665f8586e3e5181e2ff455a487a2ea6718784ae8cbbd226f6

  • SSDEEP

    49152:FtXXx7d5hSa3sWgOAhnvpAyw0rqMjdomso+NMnCPFLesr8xEZgCCDPLpGrpWBATJ:h7d5IalgOAjyaqM59sbNMnyezxEZ87LS

Score
8/10
discoveryspywarestealer

Malware Config

Targets

    • Target

      PBCCRCPassGuardEdge.exe

    • Size

      2.7MB

    • MD5

      c0568331b9984599f57d7bbe11e17cd9

    • SHA1

      4860334bc492832586a10f28aaa4c1e9c59ed847

    • SHA256

      57a1929e2863a92d4e1dfdc5c0f34edfd28e7b7a8995a5afb5da3653d1ca4856

    • SHA512

      cb58825cef114ca73eac6bbf5995077c5b34a627a36b5557c1be591aec5312b2ce1708b01cfe7db665f8586e3e5181e2ff455a487a2ea6718784ae8cbbd226f6

    • SSDEEP

      49152:FtXXx7d5hSa3sWgOAhnvpAyw0rqMjdomso+NMnCPFLesr8xEZgCCDPLpGrpWBATJ:h7d5IalgOAjyaqM59sbNMnyezxEZ87LS

    Score
    8/10
    discoveryspywarestealer

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      PBCCRCPassGuardX.exe

    • Size

      1.0MB

    • MD5

      52e22babfbfaf59f14859e175856115d

    • SHA1

      45dc92d8fc7f3aba824be0f0519c2844506a5960

    • SHA256

      7fa6544460b039457311bb310882c84801efa6c535e5ea360948803deb90c0e1

    • SHA512

      796568eae06ed17a81c7a36d392b8fd03ddbd76d746564f91a6d395fc8245453c1f574fc448d3cec93710abcc6c2e113c2df62fa4facd7b6676d7036855310bf

    • SSDEEP

      24576:GLPh4AjgcRov+reCJUcvVvCAyuHsJVvUwr+II6:GLPh4DjCeCDvF1lw56y

    Score
    3/10
    discovery
    behavioral3behavioral4

    • Target

      PBCCRCPassGuardXInput.exe

    • Size

      2.2MB

    • MD5

      711a4cff055438d5d09ca435f0f14711

    • SHA1

      1cd82ddcb7f0a6c03631e8f94d137ddfa056eb6d

    • SHA256

      e1a00202904b2606777b69c23bc6b432c68400ce2913c3e9bc480f4062957dec

    • SHA512

      cec702983ba3d1db5a6a06a9b5265d5943a1c5c5c015e15dc0d4fb34ab9443cea8285bd6b85db2f4f2ce69c49e59752bc9c3be7081c9d1346a2e57eaae155f9a

    • SSDEEP

      49152:PFWocvooVzlMClwnbPhwDhOp/Qo0MZ8BRZ0ibMD7IanoI8ovn:PFWocQoVhl2wV63DZ83RgD7zf

    Score
    5/10
    discoveryspywarestealer

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral5behavioral6

    • Target

      PBCCRCPassGuardXInputService.exe

    • Size

      325KB

    • MD5

      dc606c1a0dc7d554fb2f3f8f1d2388a7

    • SHA1

      3119c24f69ea3b5e595100ba8a05badb2e49fcdc

    • SHA256

      24550160fdf34fac8895da3f8799dc284654222291803a006302a60ef5299407

    • SHA512

      cd4246dd524821f262907721ef22231fa505afae135abe6dfe1bd100765644446a084f857ae52502ef4ab307b8f3ea3c992938b471a54c2b9482435bad823f9f

    • SSDEEP

      6144:lzBAeL5G6yq91UawxAT+vMnjoctZpRg78jBX:lv5nwTqT+evf08jh

    Score
    5/10
    discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks