58bb4399d28df01f90e1d0c5b2cf734dc53557d543354de3ce14fa6f6931c58a | Triage

Submit
Reports

Overview

overview

Static

static

6

winrar-x64-591.exe

windows7_x64

7

winrar-x64-591.exe

windows10_x64

Resubmissions

24-11-2020 01:58

201124-tw7v7kcpdj 10

24-11-2020 01:49

201124-ecm49wfmgj 10

24-11-2020 01:44

201124-6y8xb2pmc6 10

Sharing

General

Target

winrar-x64-591.exe
Size

3.1MB
Sample

201124-ecm49wfmgj
MD5

779b1a96f1da4a1af90eecf940dd6d07
SHA1

3f077891cddd60f7770067f044ddf56ea73d699d
SHA256

58bb4399d28df01f90e1d0c5b2cf734dc53557d543354de3ce14fa6f6931c58a
SHA512

ae37b7b3647e63ccafb98b87d14d7cd02855c06bd6b7cdbcd00db85b65d40bd8a5e95bafb859d1fbd01fe832b3ba1b910ed68bcaaf56a96d47d317292bdc2488

Score

10^/10

discovery persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

winrar-x64-591.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

winrar-x64-591.exe

Resource

win10v20201028

discovery persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  winrar-x64-591.exe
- Size
  
  3.1MB
- MD5
  
  779b1a96f1da4a1af90eecf940dd6d07
- SHA1
  
  3f077891cddd60f7770067f044ddf56ea73d699d
- SHA256
  
  58bb4399d28df01f90e1d0c5b2cf734dc53557d543354de3ce14fa6f6931c58a
- SHA512
  
  ae37b7b3647e63ccafb98b87d14d7cd02855c06bd6b7cdbcd00db85b65d40bd8a5e95bafb859d1fbd01fe832b3ba1b910ed68bcaaf56a96d47d317292bdc2488
Score

10^/10

spyware discovery persistence
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence

© 2018-2024

Terms | Privacy