Malware-analysis-and-Reverse-engineering/APT29-DropboxLoader_analysis.md at main · Dump-GUY/Malware-analysis-and-Reverse-engineering
Common Information

| Type | Value |
|---|---|
| UUID | d7dd505d-e99d-4f31-9bc0-945e6986bf41 |
| Fingerprint | a60c921bbeef39e1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 1, 2022, midnight |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Malware Analysis Report – APT29 C2-Client Dropbox Loader |
| Title | Malware-analysis-and-Reverse-engineering/APT29-DropboxLoader_analysis.md at main · Dump-GUY/Malware-analysis-and-Reverse-engineering |
| Detected Hints/Tags/Attributes | 54/1/30 |
Attributes

| Type | Value | #Events |
|---|---|---|
| Domain | api.dropbox.com | 3 |
| Domain | content.dropboxapi.com | 14 |
| File | nv.exe | 3 |
| File | wcchromenativemessaginghost.exe | 3 |
| File | vcruntime140.dll | 69 |
| File | acrosup64.dll | 2 |
| File | ntdll.dll | 533 |
| File | wininet.dll | 146 |
| File | blank.pdf | 3 |
| File | %userprofile%\appdata\roaming\adobeacrosup\nv.exe | 1 |
| File | rock_computernameusernamemd5hashhexstring.mp3 | 1 |
| File | rock_70a1e27ba30dd415155e68409d512a2d.mp3 | 1 |
| md5 | 70c29c906cfa19759fa4776ea7c0973e | 1 |
| md5 | b3b1c5acf3da24e08a655e976309b181 | 1 |
| md5 | 5a4a54eaec3e383f57df3adb61bec68c | 1 |
| md5 | 60e11cc61bc2eeee039f7aa98f96676c | 1 |
| md5 | 1c32d785398e3a7eaab0e9b876903cc6 | 1 |
| md5 | bcb225e7f9a3fc81429de70f7b124a02 | 1 |
| sha1 | 156fcc4008f2fc3034634c3a620b80727d3f3c95 | 1 |
| sha1 | dea84f0c4a5a1a30c5740010ff09941be5fb172b | 1 |
| sha1 | b078c8a1a04c297983a148bae0ec3aa76c7a81fa | 1 |
| sha1 | 3dad168e79bc7f421760c98a8b6be2e1630a63ec | 1 |
| sha1 | dedca09d9a97f719a970883eeaa570434f9ecaba | 1 |
| sha256 | 6618a8b55181b1309dc897d57f9c7264e0c07398615a46c2d901dd1aa6b9a6d6 | 2 |
| sha256 | 244c101f10b722b352faa1160fce05f4e19a2d840b70ef054da26de7dbb0a9da | 2 |
| sha256 | 2028c7deaf1c2a46f3ebbf7bbdf76781d84f9321107d65d9b9dd958e3c88ef5a | 2 |
| sha256 | 0622971147486e1900037eff229d921d14f5b51aac7171729b2b66f81cdf6585 | 2 |
| sha256 | e8e63f7cf6c25fb3b93aa55d5745393a34e2a98c5aeacbc42f1362ddf64eb0da | 2 |
| Threat Actor Identifier - APT | APT29 | 665 |
| Windows Registry Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | 47 |
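Added example, not code from the Dump-GUY analysis or its repository: a small Python sweep that matches host file inventory, DNS records and Run-key values against the indicators listed above. The indicator values are copied from the table; the inventory records, the Run-key value name, and the reading of the `rock_computernameusernamemd5hashhexstring.mp3` placeholder as `rock_<32 hex chars>.mp3` are assumptions. Two practitioner caveats are built in: `ntdll.dll`, `wininet.dll` and `vcruntime140.dll` are ubiquitous system DLLs (their event counts show as much), so they are matched only by hash, never by name; and `api.dropbox.com` / `content.dropboxapi.com` are legitimate Dropbox API hosts, so a domain hit is a lead to corroborate against the owning process, not a verdict.

```python
"""IOC sweep for the APT29 Dropbox-loader indicators listed above.

Added example, not part of the Dump-GUY analysis. Indicator values are copied
from the table above; the inventory records at the bottom are constructed.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Network indicators. Both are legitimate Dropbox API hosts, so a hit is a lead
# to corroborate (which process, what volume), not a verdict on its own.
IOC_DOMAINS = {"api.dropbox.com", "content.dropboxapi.com"}

# Dropped/renamed files. vcruntime140.dll, ntdll.dll and wininet.dll also appear
# in the table but are ubiquitous system DLLs; matching those by name would flood
# a sweep, so they are deliberately left out and only a hash can flag them.
IOC_FILENAMES = {"nv.exe", "wcchromenativemessaginghost.exe", "acrosup64.dll", "blank.pdf"}

IOC_HASHES = {h.lower() for h in (
    # md5
    "70c29c906cfa19759fa4776ea7c0973e", "b3b1c5acf3da24e08a655e976309b181",
    "5a4a54eaec3e383f57df3adb61bec68c", "60e11cc61bc2eeee039f7aa98f96676c",
    "1c32d785398e3a7eaab0e9b876903cc6", "bcb225e7f9a3fc81429de70f7b124a02",
    # sha1
    "156fcc4008f2fc3034634c3a620b80727d3f3c95", "dea84f0c4a5a1a30c5740010ff09941be5fb172b",
    "b078c8a1a04c297983a148bae0ec3aa76c7a81fa", "3dad168e79bc7f421760c98a8b6be2e1630a63ec",
    "dedca09d9a97f719a970883eeaa570434f9ecaba",
    # sha256
    "6618a8b55181b1309dc897d57f9c7264e0c07398615a46c2d901dd1aa6b9a6d6",
    "244c101f10b722b352faa1160fce05f4e19a2d840b70ef054da26de7dbb0a9da",
    "2028c7deaf1c2a46f3ebbf7bbdf76781d84f9321107d65d9b9dd958e3c88ef5a",
    "0622971147486e1900037eff229d921d14f5b51aac7171729b2b66f81cdf6585",
    "e8e63f7cf6c25fb3b93aa55d5745393a34e2a98c5aeacbc42f1362ddf64eb0da",
)}

# Persistence: Run key whose value points at the loader in the roaming profile.
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
LOADER_SUFFIX = r"\adobeacrosup\nv.exe"  # tail of %userprofile%\appdata\roaming\adobeacrosup\nv.exe

# The table gives the .mp3 name as rock_<md5 of computer name + user name>.mp3;
# this regex is my reading of that placeholder (assumption): rock_ + 32 hex chars.
MP3_NAME = re.compile(r"^rock_[0-9a-f]{32}\.mp3$", re.IGNORECASE)


@dataclass
class Hit:
    kind: str     # "hash" | "filename" | "mp3name" | "domain" | "runkey"
    value: str
    detail: str


def digests_of(data: bytes) -> Dict[str, str]:
    """md5/sha1/sha256 of a byte string, lower-case hex, in the shape check_file() expects."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def check_file(path: str, digests: Optional[Dict[str, str]] = None) -> List[Hit]:
    """Match one file by basename (case-insensitive) and by any supplied digest."""
    hits: List[Hit] = []
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if name in IOC_FILENAMES:
        hits.append(Hit("filename", path, "dropped-file name; confirm with hash"))
    if MP3_NAME.match(name):
        hits.append(Hit("mp3name", path, "rock_<md5>.mp3 naming pattern"))
    for algo, hexd in (digests or {}).items():
        if hexd.lower() in IOC_HASHES:
            hits.append(Hit("hash", path, f"{algo}={hexd.lower()}"))
    return hits


def check_domain(host: str) -> List[Hit]:
    """Exact or subdomain match against the C2 hosts (case-insensitive, trailing dot tolerated)."""
    h = host.lower().rstrip(".")
    for d in IOC_DOMAINS:
        if h == d or h.endswith("." + d):
            return [Hit("domain", host, "Dropbox API host used as C2; corroborate with owning process")]
    return []


def check_run_value(key: str, name: str, data: str) -> List[Hit]:
    """Flag a Run-key value whose command line ends in the loader path (quoted or expanded)."""
    if key.lower() != RUN_KEY.lower():
        return []
    target = data.strip().strip('"').lower()
    if target.endswith(LOADER_SUFFIX):
        return [Hit("runkey", f"{key}\\{name}", data)]
    return []


def sweep(records: Iterable[dict]) -> List[Hit]:
    """Run every inventory record through the matcher for its type and collect hits."""
    hits: List[Hit] = []
    for r in records:
        if r["type"] == "file":
            hits.extend(check_file(r["path"], r.get("digests")))
        elif r["type"] == "dns":
            hits.extend(check_domain(r["host"]))
        elif r["type"] == "runkey":
            hits.extend(check_run_value(r["key"], r["name"], r["data"]))
    return hits


# Constructed inventory: one entry per indicator type plus benign noise.
SAMPLE_RECORDS = [
    {"type": "file", "path": r"C:\Users\alice\AppData\Roaming\AdobeAcroSup\nv.exe",
     "digests": {"md5": "70C29C906CFA19759FA4776EA7C0973E"}},      # md5 from the table, upper-cased
    {"type": "file", "path": r"C:\Windows\System32\ntdll.dll",
     "digests": digests_of(b"constructed benign bytes")},           # system DLL, no hit
    {"type": "file", "path": r"C:\Users\alice\Music\rock_70a1e27ba30dd415155e68409d512a2d.mp3"},
    {"type": "dns", "host": "CONTENT.dropboxapi.com."},
    {"type": "dns", "host": "www.dropbox.com"},                     # not in the list, no hit
    {"type": "runkey", "key": RUN_KEY, "name": "nv",                # value name constructed; table gives only the key
     "data": r'"C:\Users\alice\AppData\Roaming\AdobeAcroSup\nv.exe"'},
]

if __name__ == "__main__":
    for hit in sweep(SAMPLE_RECORDS):
        print(f"[{hit.kind}] {hit.value}  {hit.detail}")
```

In a real sweep the records would come from a file-system walk (feeding `digests_of` with file contents), DNS or proxy logs, and a Run-key export; the matching rules above stay the same.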