General
Target: ATM CLONING @Accorto_xD.zip
Size: 54.1MB
Sample: 241224-rfb5hazjbq
MD5: 96ad5e5c30b20897055d47a30362885c
SHA1: 772bd9ff34f8e6d6d93d05c5d8a61e6bfd563f42
SHA256: 51d11e5deb2407945ef5e75ada802ad960ca172c1006aef6336c3c305cc0d8ec
SHA512: aea489d51e389d67432dee8bb548c69b77466c922d8752175dd27b2779bc3a970ac6bbb7f9b40afd2680e99827be4fc690af7d6a6c3a843d4610e4c9d56de457
SSDEEP: 1572864:nRQfiJNYvLFHXbF2UgekPKtduzf+KZLld5/a/:aiJNuBXbFVg/PjLLldla/
Behavioral task: behavioral1
Sample: ATM CLONING @Accorto_xD.zip
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: ATM CLONING @Accorto_xD.zip
Resource: win10v2004-20241007-en
Malware Config
Targets
Target: ATM CLONING @Accorto_xD.zip (same size and hashes as listed under General)
Signatures

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.

Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.

Executes dropped EXE

Loads dropped DLL

Unsecured Credentials: Credentials In Files
Steals credentials from unsecured files.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software installed on the system.

Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.

Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (3)
Credentials In Files (3)