Overview

overview

8

Static

static

8

599a3a15ae...25.exe

windows7_x64

8

599a3a15ae...25.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    599a3a15aead08fbfb7497550ba8721599d1347364de5e46110b65f074e5ef25

  • Size

    1.9MB

  • Sample

    210301-ls6yh2v9dn

  • MD5

    cade87879da9a3f34ddac27afc4351a7

  • SHA1

    c9ccb5c6bccbce21414c23e7e62353c9c69ac85c

  • SHA256

    599a3a15aead08fbfb7497550ba8721599d1347364de5e46110b65f074e5ef25

  • SHA512

    145e2dc915247c940d535881426766bc461673050795bf9bcc4a6cb74429556f46359ffc7b3695e6cd74f922b003ee5f3c26434482d405164150922df19f21f7

Score
8/10
spywarevmprotect

Malware Config

Targets

    • Target

      599a3a15aead08fbfb7497550ba8721599d1347364de5e46110b65f074e5ef25

    • Size

      1.9MB

    • MD5

      cade87879da9a3f34ddac27afc4351a7

    • SHA1

      c9ccb5c6bccbce21414c23e7e62353c9c69ac85c

    • SHA256

      599a3a15aead08fbfb7497550ba8721599d1347364de5e46110b65f074e5ef25

    • SHA512

      145e2dc915247c940d535881426766bc461673050795bf9bcc4a6cb74429556f46359ffc7b3695e6cd74f922b003ee5f3c26434482d405164150922df19f21f7

    Score
    8/10
    spywarevmprotect

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks