536b5f8fb36ee7fbcef6c1293c8bf1b17d1645aa845a7ac2cccdbe9fd16c99d8 | Triage

Submit
Reports

Overview

overview

9

Static

static

16x.bin.exe

windows7_x64

9

16x.bin.exe

windows10_x64

9

Sharing

General

Target

16x.bin.zip
Size

3.1MB
Sample

201230-da5ckfs5nn
MD5

039cd2d7f20c2c0ff13a01694dce3953
SHA1

9c8deb0fd5f752a114034902b1b0092778d72a22
SHA256

536b5f8fb36ee7fbcef6c1293c8bf1b17d1645aa845a7ac2cccdbe9fd16c99d8
SHA512

2484089512ae3b28f9d7df32ca6b4c922978b5908bd74f7a39cbd4ac9bba81e4513c91a84476bd3286aa5f1402fe9f74d55d93c9ca50900ea939690339f52b4a

Score

9^/10

evasion spyware

Static task

static1

Behavioral task

behavioral1

Sample

16x.bin.exe

Resource

win7v20201028

evasion spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

16x.bin.exe

Resource

win10v20201028

evasion spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  16x.bin
- Size
  
  4.4MB
- MD5
  
  3e05cdc35f300de783fcb3dcd71e4970
- SHA1
  
  abfc51fe7bc93d12d0d163b1f7fecae0a6a8e52e
- SHA256
  
  adc220109f73acdd307036a6d14bffa68103a48e2305c3a4f1533aab74d9deb8
- SHA512
  
  fff156d64fcd720d2d27b3e53dccb9fb817775b11b04eae44e41bb266112f3655ced03ef3e6037748155bdd02b6d749eda778e92eb66a9362546513c48ce4775
Score

9^/10

evasion spyware
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- JavaScript code in executable
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy