d60a9bd623167071bc6e34cccac64b0766b05d1b4f9b0922f6f162c1573f5e19 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...03.exe

windows7_x64

SecuriteIn...03.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Dropper.Msil.CN.10732.21503
Size

1.6MB
Sample

201109-zgwwbbqacs
MD5

b93d23c44fd72c7cde829ffd46d7a90c
SHA1

b84a34510a77ff84c980877d64622186ab8e169c
SHA256

d60a9bd623167071bc6e34cccac64b0766b05d1b4f9b0922f6f162c1573f5e19
SHA512

1628926bc4884586b8ecfc42a70cf606d2bf238924cf819f76d47cb2656e16fded5a75b523715e311f600988be48dc8f2a1762129a0b6d9fcc6f1eb8345e9bcc

Score

10^/10

discovery evasion macro persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Dropper.Msil.CN.10732.21503.exe

Resource

win7v20201028

discovery evasion macro persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Dropper.Msil.CN.10732.21503.exe

Resource

win10v20201028

discovery evasion macro persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Dropper.Msil.CN.10732.21503
- Size
  
  1.6MB
- MD5
  
  b93d23c44fd72c7cde829ffd46d7a90c
- SHA1
  
  b84a34510a77ff84c980877d64622186ab8e169c
- SHA256
  
  d60a9bd623167071bc6e34cccac64b0766b05d1b4f9b0922f6f162c1573f5e19
- SHA512
  
  1628926bc4884586b8ecfc42a70cf606d2bf238924cf819f76d47cb2656e16fded5a75b523715e311f600988be48dc8f2a1762129a0b6d9fcc6f1eb8345e9bcc
Score

10^/10

discovery evasion macro persistence spyware
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Modifies Windows Firewall
  evasion
- Sets file execution options in registry
  persistence
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionmacropersistencespyware

behavioral2

discoveryevasionmacropersistencespyware

© 2018-2024

Terms | Privacy