winrar-x64-591.exe

General

Target: winrar-x64-591.exe
Size: 3MB
Sample: 201124-ecm49wfmgj
Score: 10/10
MD5: 779b1a96f1da4a1af90eecf940dd6d07
SHA1: 3f077891cddd60f7770067f044ddf56ea73d699d
SHA256: 58bb4399d28df01f90e1d0c5b2cf734dc53557d543354de3ce14fa6f6931c58a
SHA512: ae37b7b3647e63ccafb98b87d14d7cd02855c06bd6b7cdbcd00db85b65d40bd8a5e95bafb859d1fbd01fe832b3ba1b910ed68bcaaf56a96d47d317292bdc2488

Signatures

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials, etc.
    TTPs: Data from Local System, Credentials in Files

  • Modifies system executable filetype association
    TTPs: Modify Registry, Change Default File Association

  • Registers COM server for autorun
    TTPs: Registry Run Keys / Startup Folder

  • Executes dropped EXE

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • JavaScript code in executable

MITRE ATT&CK Matrix

Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1: 6/10
behavioral1: 7/10
behavioral2: 10/10