General

  • Target

    460c76892a939c1b7d563171c3b2d349.exe

  • Size

    10KB

  • Sample

    210321-nz2cppby46

  • MD5

    460c76892a939c1b7d563171c3b2d349

  • SHA1

    267857f6c93b33f87c7d3fd109d22fe3e7e33913

  • SHA256

    6851d9ae6d9c3405a7fb92d93ec0bd87e3c52a6903e29ab55f2d7b779559d4b7

  • SHA512

    f2e559032b4d8cdcd020e5b62fbdbe163fabe9af0c1f518eb0b33881c491c0a545297d2403a488dae752703d94ce5afa66fbfa63901bf875a5d2c0b9eee1d0ea

Score
9/10

Targets

    • Target

      460c76892a939c1b7d563171c3b2d349.exe

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
