ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd | Triage

Submit
Reports

Overview

overview

8

Static

static

ef797fafff...cd.exe

windows7_x64

1

ef797fafff...cd.exe

windows10_x64

8

Sharing

General

Target

ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd
Size

238KB
Sample

201108-ng3y2txwxj
MD5

f5f86b762cc6bff03cc5a7a7266d9bca
SHA1

c295fb12ad2eaf35230a9f3f4d7f254b65c4d6d7
SHA256

ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd
SHA512

5d1adc85691544781fad2c6e92450ccbcc425fbce26b331b04538372277b7411a4c99a7df5157d685782ec5580c17943805aca09e74c1e39c550fa8314221226

Score

8^/10

discovery spyware

Static task

static1

Behavioral task

behavioral1

Sample

ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd.exe

Resource

win10v20201028

discovery spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd
- Size
  
  238KB
- MD5
  
  f5f86b762cc6bff03cc5a7a7266d9bca
- SHA1
  
  c295fb12ad2eaf35230a9f3f4d7f254b65c4d6d7
- SHA256
  
  ef797fafff1b59918b8ce2900183d59cd77d2e70efee4062c1c4a69ce6a990cd
- SHA512
  
  5d1adc85691544781fad2c6e92450ccbcc425fbce26b331b04538372277b7411a4c99a7df5157d685782ec5580c17943805aca09e74c1e39c550fa8314221226
Score

8^/10

discovery spyware
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- JavaScript code in executable
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspyware

© 2018-2024

Terms | Privacy