576167ecd1c0080caa550fdaaa5f8a7c9fc37441460d7c9095960291ad2a3882 | Triage

Submit
Reports

Overview

overview

8

Static

static

sample.exe

windows7_x64

8

sample.exe

windows10_x64

8

Sharing

General

Target

adbd62b6b21d1749322122d27399495f38c80297bc5f0a7be12fc6bfa7173a8b.bin.sample.gz
Size

1.5MB
Sample

201204-cbea7eklfs
MD5

26137c53e61c6372546ab028dd63e9cb
SHA1

9a878035214d11d13b7b3cc44e6513d75446c701
SHA256

576167ecd1c0080caa550fdaaa5f8a7c9fc37441460d7c9095960291ad2a3882
SHA512

2154fef2605df601105f23f85479f1b03fde4517552c0fb78e4cfbaebbc25d1af8418300a32dc46e0ca25c458e54f884667cf0489b3f600fbf8fbafb502e18fc

Score

8^/10

discovery persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

sample.exe

Resource

win7v20201028

discovery persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sample.exe

Resource

win10v20201028

discovery persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  1.5MB
- MD5
  
  9a4be46355a7848f5e4d545e14905e25
- SHA1
  
  0ded8998c4f07c40f39fd0567d196c1fc7393960
- SHA256
  
  adbd62b6b21d1749322122d27399495f38c80297bc5f0a7be12fc6bfa7173a8b
- SHA512
  
  abfecf1404d614cbc5049b97c94f229abf8a02e92107c220ac95bea65c20dcbe958032faa7194ec7551472710abe803d2389e300fb6eab1773754bb2288c68f5
Score

8^/10

discovery persistence spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

discoverypersistencespyware

behavioral2

discoverypersistencespyware

© 2018-2024

Terms | Privacy