Overview

overview

8

Static

static

WYhCe.exe

windows7_x64

8

WYhCe.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    WYhCe.exe

  • Size

    103KB

  • Sample

    200707-sstvvpnwva

  • MD5

    c2337bf726d285b3e59ef7f26f388bca

  • SHA1

    5b2bfc673012d02f27299db6929a144fd2517f93

  • SHA256

    e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb

  • SHA512

    27e9e92d12658dd6a6e1e710577ea94d8523d3a6f703646007d8d001db9a2b608d314d9e727063207699db9717ed0e2bb77c2a19bae3e79542bec9389c5d2ba1

Score
8/10
discoveryspyware

Malware Config

Targets

    • Target

      WYhCe.exe

    • Size

      103KB

    • MD5

      c2337bf726d285b3e59ef7f26f388bca

    • SHA1

      5b2bfc673012d02f27299db6929a144fd2517f93

    • SHA256

      e10c07621cbf12d95bfcb870835c10bbda376fd9e17e49f5caca6b3a3d239bdb

    • SHA512

      27e9e92d12658dd6a6e1e710577ea94d8523d3a6f703646007d8d001db9a2b608d314d9e727063207699db9717ed0e2bb77c2a19bae3e79542bec9389c5d2ba1

    Score
    8/10
    spywarediscovery

    • Blacklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks for installed software on the system

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks