ed2c43666baf3e2bda4d9fb8bbb46217e0226febe37b9ffea54b879a64061723 | Triage

Sharing

General

Target

ed2c43666baf3e2bda4d9fb8bbb46217e0226febe37b9ffea54b879a64061723
Size

1.8MB
Sample

201108-vzwpeklq1x
MD5

3202904112ba165a8401ef87661a1b8e
SHA1

052b8ada0a42f8e62ae6252c3f9ad6288485c92d
SHA256

ed2c43666baf3e2bda4d9fb8bbb46217e0226febe37b9ffea54b879a64061723
SHA512

a0619a68fb4b121c762604ebdde44ff7b9693d8b62dc4cfdd2293d0cec6198fb067726ef9561973a544e23262c14a5843ea3c3bf87de8d468bc4125f7f91a5bd

Score

10^/10

discovery spyware

Malware Config

Extracted

Language

ps1

Source

URLs

exe.dropper

https://iplogger.org/1pzPe7

Targets

- Target
  
  ed2c43666baf3e2bda4d9fb8bbb46217e0226febe37b9ffea54b879a64061723
- Size
  
  1.8MB
- MD5
  
  3202904112ba165a8401ef87661a1b8e
- SHA1
  
  052b8ada0a42f8e62ae6252c3f9ad6288485c92d
- SHA256
  
  ed2c43666baf3e2bda4d9fb8bbb46217e0226febe37b9ffea54b879a64061723
- SHA512
  
  a0619a68fb4b121c762604ebdde44ff7b9693d8b62dc4cfdd2293d0cec6198fb067726ef9561973a544e23262c14a5843ea3c3bf87de8d468bc4125f7f91a5bd
Score

10^/10

discovery spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

discoveryspyware

behavioral2

discoveryspyware