cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc | Triage

Submit
Reports

Overview

overview

9

Static

static

cb2447fa5d...fc.exe

windows7_x64

8

cb2447fa5d...fc.exe

windows10_x64

9

Sharing

General

Target

cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc
Size

235KB
Sample

201112-g767hbwbr2
MD5

e83a8ae8d2c31660fda61ed9502bd49a
SHA1

7aa1df0db8c5d327ab7aa914798e625c3902ae7b
SHA256

cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc
SHA512

e8054cacec20d66bbb7e0efa132c5ba93b75f4dc0684fca138b74229b34d5a58e027eeeb4ac20c105ebaa8bedad08c336f364d603a4f094d22777bdf9bdc88a6

Score

9^/10

discovery persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc.exe

Resource

win7v20201028

discovery persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc
- Size
  
  235KB
- MD5
  
  e83a8ae8d2c31660fda61ed9502bd49a
- SHA1
  
  7aa1df0db8c5d327ab7aa914798e625c3902ae7b
- SHA256
  
  cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc
- SHA512
  
  e8054cacec20d66bbb7e0efa132c5ba93b75f4dc0684fca138b74229b34d5a58e027eeeb4ac20c105ebaa8bedad08c336f364d603a4f094d22777bdf9bdc88a6
Score

9^/10

discovery persistence spyware
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespyware

behavioral2

© 2018-2024

Terms | Privacy