acb4f32c3df8689dfde4bbbd61f7f1fccaf0a8a260753445899c609a1ac4ef64 | Triage

Submit
Reports

Overview

overview

Static

static

9f8f2ba88f...83.exe

windows7_x64

9f8f2ba88f...83.exe

windows10_x64

Sharing

General

Target

eimage.zip
Size

542KB
Sample

210118-bpkq9ec9rn
MD5

f039e36c3ffa01f2b824d2a6ca8d4f3f
SHA1

79f37c4d80afe13efc0384b7ce15781a84a52b63
SHA256

acb4f32c3df8689dfde4bbbd61f7f1fccaf0a8a260753445899c609a1ac4ef64
SHA512

8920d0dff2720611da805a507ad3c6062c4b461fa66a45f3d5b57d1fe391faf9f63188b099316321d7b49837cf17ba8b12cdc5b5a4bccc389659bf35b2457ad4

Score

10^/10

discovery persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

9f8f2ba88fa5237c6ffd62cb54979c0cd9837303f1829f8107a3e18456ec9283.exe

Resource

win7v20201028

discovery persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9f8f2ba88fa5237c6ffd62cb54979c0cd9837303f1829f8107a3e18456ec9283.exe

Resource

win10v20201028

discovery persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9f8f2ba88fa5237c6ffd62cb54979c0cd9837303f1829f8107a3e18456ec9283
- Size
  
  590KB
- MD5
  
  b086da5b4e3a6027283b2ba5158852a4
- SHA1
  
  2bfb39f18fba13a26fb50ec946677ef96a6604e7
- SHA256
  
  9f8f2ba88fa5237c6ffd62cb54979c0cd9837303f1829f8107a3e18456ec9283
- SHA512
  
  1773007761a626e3f67719ec6582c08f630ada63a77b3941810648f6769ccb3cd6989a721927cfd6c1cce7670de1094a37db8d6342d578e22920f89c5a0740f5
Score

10^/10

discovery persistence spyware
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Uses Session Manager for persistence
  Creates Session Manager registry key to run executable early in system boot.
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespyware

behavioral2

discoverypersistencespyware

© 2018-2024

Terms | Privacy