ea86bc6c2f8222ddaae0683ca9b6070dbfa60c3266e0064a776cf5917a91df76 | Triage

Submit
Reports

Overview

overview

Static

static

8

Firefox Se....0.exe

windows7_x64

Firefox Se....0.exe

windows10_x64

Sharing

General

Target

Firefox Setup 87.0.exe
Size

54.2MB
Sample

210416-dwc1xv36se
MD5

33a147d7b839a86833c6f194ca68a544
SHA1

eeb796e3b7ed7bc51785f550bb28097b28a80be5
SHA256

ea86bc6c2f8222ddaae0683ca9b6070dbfa60c3266e0064a776cf5917a91df76
SHA512

5db58537945306669ea769ab030693ba801a39f7e89764ffb6f6b773d529e4c8f864dcd53c882e0eac3a6aa9baf57460ac4b1ae6750690ce4812e8cf3d0881aa

Score

10^/10

discovery evasion persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

Firefox Setup 87.0.exe

Resource

win7v20210408

discovery evasion persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Firefox Setup 87.0.exe

Resource

win10v20210410

discovery evasion persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Firefox Setup 87.0.exe
- Size
  
  54.2MB
- MD5
  
  33a147d7b839a86833c6f194ca68a544
- SHA1
  
  eeb796e3b7ed7bc51785f550bb28097b28a80be5
- SHA256
  
  ea86bc6c2f8222ddaae0683ca9b6070dbfa60c3266e0064a776cf5917a91df76
- SHA512
  
  5db58537945306669ea769ab030693ba801a39f7e89764ffb6f6b773d529e4c8f864dcd53c882e0eac3a6aa9baf57460ac4b1ae6750690ce4812e8cf3d0881aa
Score

10^/10

discovery evasion persistence spyware stealer trojan
- Registers COM server for autorun
  persistence
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan

behavioral2

discoveryevasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy