a882cd581f2a636e5d624e3629f43e9bb127f4f77972f181cdc0e56e2fef7066 | Triage

Submit
Reports

Overview

overview

8

Static

static

TT.exe

windows7_x64

8

TT.exe

windows10_x64

1

Sharing

General

Target

TT.exe
Size

718KB
Sample

200713-81d8nlx146
MD5

4511c9c47515ec8260527ac7cb916a6b
SHA1

8677c209f7b3610b3b44160aa4fd3bfa3ff221f8
SHA256

a882cd581f2a636e5d624e3629f43e9bb127f4f77972f181cdc0e56e2fef7066
SHA512

5ae07214d7c23e6dd198bfe4f91252faaf5c21cd6cc30777942d1f0e0053fe3963498ba4750c132f2f8dc85f9af76153056cba7a6978db12fc2fb67f5b8ede4e

Score

8^/10

spyware

Static task

static1

Behavioral task

behavioral1

Sample

TT.exe

Resource

win7v200430

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TT.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  TT.exe
- Size
  
  718KB
- MD5
  
  4511c9c47515ec8260527ac7cb916a6b
- SHA1
  
  8677c209f7b3610b3b44160aa4fd3bfa3ff221f8
- SHA256
  
  a882cd581f2a636e5d624e3629f43e9bb127f4f77972f181cdc0e56e2fef7066
- SHA512
  
  5ae07214d7c23e6dd198bfe4f91252faaf5c21cd6cc30777942d1f0e0053fe3963498ba4750c132f2f8dc85f9af76153056cba7a6978db12fc2fb67f5b8ede4e
Score

8^/10

spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy