Overview

overview

10

Static

static

10

EZFNDebbuger.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EZFNDebbuger.exe

  • Size

    6.0MB

  • Sample

    240706-qc3mlsyelp

  • MD5

    54b41e1a53a618cc3d5df651194a7246

  • SHA1

    ccb4acd6938bf844635688e5285efd447cba5181

  • SHA256

    4bbe1184a7a84dd21fb494bd1eac2860f841e244445a659c1da39a7fb36f9eae

  • SHA512

    b5861a0bdf2ba043f2d759686661506d7b62369c0281db64d5cfbc2cdee4a91c326519dffc345a0c23ebbca835bd146704b3ed12a11bcd5fe2fa70f6b1361a19

  • SSDEEP

    98304:SLEtdFByeLhamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4ROBM2H3PuTy:SiFMeLceN/FJMIDJf0gsAGK4ROu2GTy

Score
10/10
blankgrabberdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

Malware Config

Targets

    • Target

      EZFNDebbuger.exe

    • Size

      6.0MB

    • MD5

      54b41e1a53a618cc3d5df651194a7246

    • SHA1

      ccb4acd6938bf844635688e5285efd447cba5181

    • SHA256

      4bbe1184a7a84dd21fb494bd1eac2860f841e244445a659c1da39a7fb36f9eae

    • SHA512

      b5861a0bdf2ba043f2d759686661506d7b62369c0281db64d5cfbc2cdee4a91c326519dffc345a0c23ebbca835bd146704b3ed12a11bcd5fe2fa70f6b1361a19

    • SSDEEP

      98304:SLEtdFByeLhamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4ROBM2H3PuTy:SiFMeLceN/FJMIDJf0gsAGK4ROu2GTy

    Score
    8/10
    defense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealerupx

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Hide Artifacts: Hidden Files and Directories

      defense_evasion
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Event Triggered Execution

2
T1546

Netsh Helper DLL

1
T1546.007

Component Object Model Hijacking

1
T1546.015

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Event Triggered Execution

2
T1546

Netsh Helper DLL

1
T1546.007

Component Object Model Hijacking

1
T1546.015

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

5
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

6
T1082

Process Discovery

1
T1057

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks