e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb | Triage

Sharing

General

Target

WYhCe.exe
Size

103KB
Sample

200707-qb3zrq68sj
MD5

c2337bf726d285b3e59ef7f26f388bca
SHA1

5b2bfc673012d02f27299db6929a144fd2517f93
SHA256

e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb
SHA512

27e9e92d12658dd6a6e1e710577ea94d8523d3a6f703646007d8d001db9a2b608d314d9e727063207699db9717ed0e2bb77c2a19bae3e79542bec9389c5d2ba1

Score

8^/10

discovery spyware

Malware Config

Targets

- Target
  
  WYhCe.exe
- Size
  
  103KB
- MD5
  
  c2337bf726d285b3e59ef7f26f388bca
- SHA1
  
  5b2bfc673012d02f27299db6929a144fd2517f93
- SHA256
  
  e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb
- SHA512
  
  27e9e92d12658dd6a6e1e710577ea94d8523d3a6f703646007d8d001db9a2b608d314d9e727063207699db9717ed0e2bb77c2a19bae3e79542bec9389c5d2ba1
Score

8^/10

spyware discovery
- Blacklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks for installed software on the system
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywarediscovery

behavioral2