2295742285186ecb7ff7c4634d31bdc8.exe

General

Target: 2295742285186ecb7ff7c4634d31bdc8.exe
Size: 1MB
Sample: 210408-ej72rz2yn2
Score: 8/10
MD5: 2295742285186ecb7ff7c4634d31bdc8
SHA1: f76643300796393b1e616f7e2d925644faae5caf
SHA256: 0cd1346813ea66e5ecb353180f0f01d9b2e53b230ccb5aece10e4366d632df25
SHA512: 102a852a9f4b9513dd41935c96cda22647151f06f3f10601f1e1d65f938e539e0447eae4029de0c5a88762a2c6e29afccf14e5f10447f3cd5df75acfb9be605c

Signatures

  • Executes dropped EXE
  • Loads dropped DLL
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry
  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 8/10
behavioral2: 7/10