b2ebc0f8c302a04961b8c2ed0673384050e5932a370be062788b7630bf188123 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Guqcvju_Signed_.exe
Size

1.1MB
Sample

200713-deen5q6ftn
MD5

271646d2ae5f0c7693be133688eaca38
SHA1

fce0e671122419cbb94f9651039323e945960964
SHA256

b2ebc0f8c302a04961b8c2ed0673384050e5932a370be062788b7630bf188123
SHA512

263656c10302a5ae39d3712b7bcbf8424b46bb98132bdb1f659baebba72eb1e166e5af4b63ad83e4b458fc4547ebcb1b7be62c18e4dd3622fdcf8067f40fe3b7

Score

8^/10

persistence spyware

Malware Config

Targets

- Target
  
  Guqcvju_Signed_.exe
- Size
  
  1.1MB
- MD5
  
  271646d2ae5f0c7693be133688eaca38
- SHA1
  
  fce0e671122419cbb94f9651039323e945960964
- SHA256
  
  b2ebc0f8c302a04961b8c2ed0673384050e5932a370be062788b7630bf188123
- SHA512
  
  263656c10302a5ae39d3712b7bcbf8424b46bb98132bdb1f659baebba72eb1e166e5af4b63ad83e4b458fc4547ebcb1b7be62c18e4dd3622fdcf8067f40fe3b7
Score

8^/10

persistence spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2