Analysis
Max time kernel: 72s
Max time network: 147s
Platform: windows10_x64
Resource: win10v20210410
Submitted: 21-04-2021 18:19
Static task: static1
Behavioral task: behavioral1
Sample: bbf259ce41309be3f93aa4100d6a8bf2fd84b11d884143b01046ede50b49296c.bin.exe
Resource: win7v20210410
General
Target: bbf259ce41309be3f93aa4100d6a8bf2fd84b11d884143b01046ede50b49296c.bin.exe
Size: 59KB
MD5: d0efb223aef8dd61f0c0693aba824692
SHA1: ff95c6dc11100478baa416db56a3c69af4aaa1d6
SHA256: bbf259ce41309be3f93aa4100d6a8bf2fd84b11d884143b01046ede50b49296c
SHA512: 0bac4db18ebe73aa3dff0f47f51b0b6b54b29e70d98adf708dd29040fdc0a2d845d786aed7ee5e14ba5eab17b8ad1dfcc427b3c63c1fe4030700b5da657fb46a
Malware Config
Signatures
- Reads user/profile data of local email clients (2 TTPs)
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description              pid   process
  Token: SeDebugPrivilege  3952  bbf259ce41309be3f93aa4100d6a8bf2fd84b11d884143b01046ede50b49296c.bin.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/3952-114-0x0000000000080000-0x0000000000081000-memory.dmp (Filesize: 4KB)
- memory/3952-116-0x00000000007A0000-0x00000000007B7000-memory.dmp (Filesize: 92KB)
- memory/3952-117-0x00000000048A0000-0x00000000048A1000-memory.dmp (Filesize: 4KB)
- memory/3952-118-0x0000000004F40000-0x0000000004F41000-memory.dmp (Filesize: 4KB)
- memory/3952-119-0x00000000050C0000-0x0000000005107000-memory.dmp (Filesize: 284KB)
- memory/3952-120-0x0000000005130000-0x0000000005131000-memory.dmp (Filesize: 4KB)
- memory/3952-121-0x00000000052B0000-0x00000000052B1000-memory.dmp (Filesize: 4KB)
- memory/3952-122-0x0000000005210000-0x0000000005211000-memory.dmp (Filesize: 4KB)
- memory/3952-123-0x0000000005950000-0x0000000005951000-memory.dmp (Filesize: 4KB)
- memory/3952-124-0x00000000053C0000-0x00000000053C1000-memory.dmp (Filesize: 4KB)