General

  • Target

    Hazard-Token-Grabber-v2-main (2).zip

  • Size

    13.9MB

  • Sample

    240428-lwle8adc5t

  • MD5

    cf40f14adddd27941a7bc0745c548b56

  • SHA1

    d01e72ef808a92d95fc7db01d1b5cfb6f8df6b81

  • SHA256

    1fcd473f1b3129ba10ab1a6a36a66890e8c20ee3ae36f12c8117a3fc604c6c41

  • SHA512

    1b9c5d8bba4bc3a158e2f3879be2c15a756a2e851b738635167ee161c43e64aa7139b495717dd2fe2f08904ce3aa73e9ad8fa5cfc198d0167e836ff9cf27df46

  • SSDEEP

    393216:mUI9I56e2p1+OESUZ+y+hxCzq3sj0Ewxes5XeRg:XQ46eO1+h/D+hxCe8j02sJeRg

Malware Config

Targets

    • Target

      Hazard-Token-Grabber-v2-main/Hazard-Token-Grabber-v2-main/tools/dist/LastActivity.exe

    • Size

      13.9MB

    • MD5

      a928bd31d8371e073b40b6042face5fa

    • SHA1

      4a7053396ef4a8fd76c0b833f46cc54448893f3c

    • SHA256

      aa62987e2095f7bf6f56d5c761a997c73f16ae8a9d768ab51c732249a3bded7d

    • SHA512

      cdcd60be7355348b95b649846d49bca5a22db3c6eb8d0ed4ae69d6fc9f74627c5be3f767a0d650582482fa2433ac494f768d8807b62adbdacff60ac469d3ab13

    • SSDEEP

      393216:DJ+Fe0EkDS5AW1c4q1+TtIiFYY9Z8D8Ccl6l7EOjKkPXK5:90raAWa4q1QtIDa8DZcIl7skvK5

    Score: 7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic               Technique                       Count  ID
Credential Access    Unsecured Credentials           1      T1552
                     Credentials In Files            1      T1552.001
Discovery            Query Registry                  1      T1012
                     Peripheral Device Discovery     1      T1120
                     System Information Discovery    1      T1082
Collection           Data from Local System          1      T1005
Command and Control  Web Service                     1      T1102

Tasks