General
- Target: Business-in-a-Box_Setup (1).exe
- Size: 720KB
- Sample: 241119-n3bwgawflk
- MD5: 8781f60101e8b3c5d5aa7e7f84fd7ad0
- SHA1: 0f9f52e4458550f61bde95720fced0fe0e508be8
- SHA256: 1bbdaab9c5cbae7dfb00697afde5aeaba7ba42c3fcf8fbfa5e719d15f1507d65
- SHA512: 8d01a2dfb0e634a8b9ec1776d4a424ef656d74533da652e76d2d29e24d93f328aa42d76607cb3542c0e05636a9badc9dfd9fac866aaf70fa30a7ab2c747357f1
- SSDEEP: 12288:1H13H5ki78Pt6IWzA0HlZLZqkdlsaLoKFPRBjZRwiNUyunWtVW/ufn:t1Jz8Pt6IArfLjlsaUKFPfj7DHyWtVWo
Behavioral task: behavioral1
- Sample: Device/HarddiskVolume4/SB Laptop/SUKUMARANS BACKUP/C Drive/Downloads/Business-in-a-Box_Setup (1).exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: Device/HarddiskVolume4/SB Laptop/SUKUMARANS BACKUP/C Drive/Downloads/Business-in-a-Box_Setup (1).exe
- Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: Device/HarddiskVolume4/SB Laptop/SUKUMARANS BACKUP/C Drive/Downloads/Business-in-a-Box_Setup (1).exe
- Size: 727KB
- MD5: 5cee8fd584a087e48cfed410c1441ff8
- SHA1: 3d68443e8ed4d922973d6fd5b56dc9b03c68bfb2
- SHA256: b1a37f81545b33e6f5a5ef513ee5c94fd3057fdf82d883ce642bf2423791913b
- SHA512: 43f644d6b4c84adf77f068f6892a82cd4b51ca4eaf13c5198dd24563f945ad166ae7714772d7ba3a1dd0ad9f1421e6f12b85ae296d9123931ca57b7cf5098a49
- SSDEEP: 12288:r1KuFgYd+X772hRixPc2s6G4ifpog70kea6A+D7CL/npu6BAisaxn0noSptA:r1vFI7yWPXsvrQVWn9u+deA
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Event Triggered Execution: Component Object Model Hijacking: Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Event Triggered Execution: 1
  - Component Object Model Hijacking: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1
- Event Triggered Execution: 1
  - Component Object Model Hijacking: 1
Defense Evasion
- Modify Registry: 3
- Subvert Trust Controls: 1
  - Install Root Certificate: 1
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Unsecured Credentials: 1
  - Credentials In Files: 1