General

  • Target

    5303315121078272.zip

  • Size

    10.2MB

  • Sample

    210423-g8d6bkn2yx

  • MD5

    fe5b9e4a70a4a0188fd985880aed663c

  • SHA1

    66e8514502630b8320e2ea141ba5ba86d3eb896f

  • SHA256

    ebf29f6e0d7487301d2670db3686b07bfbb4a7cce0ea022ac03cac9d16deeb78

  • SHA512

    66201a1cf528d76b680e7a58466f77b901c3bf57ca814b5a27e6d2b821655bffda28425019cab6f1d5cdb2477a3b9d953d373f326c95e52cf2e7182f7f512de6

Score
8/10

Malware Config

Targets

    • Target

      0093b3e67f9ac01a1b5ebedb7046a8e881bc403892288fe531c03018e41401d7

    • Size

      2.0MB

    • MD5

      8540e2be7e84f2ddc37499b0a3aeb53f

    • SHA1

      4767ac2a0eb586d52fa20a0253cbfce6c7ce198f

    • SHA256

      0093b3e67f9ac01a1b5ebedb7046a8e881bc403892288fe531c03018e41401d7

    • SHA512

      4ffcec4f7886ea371e4b5a6628aba29390f17dd6ea8d0746680fc7ea3105d77ad0d7a825d0ac6823e01d52a4c206b4f6fa4cb6a6d813e2f9521fb12e3b52dd35

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      06f39924792712f3db4454d68315f99518463d12fd5e1256888edc3f73ec9a6d

    • Size

      1.7MB

    • MD5

      ea72eb9996864c212b33be3838273b36

    • SHA1

      36b4bc26e6b700ebff611e3288f38d3faa6f6b82

    • SHA256

      06f39924792712f3db4454d68315f99518463d12fd5e1256888edc3f73ec9a6d

    • SHA512

      db17165cf3bd255689a09759a74255a9d59126b53e52c771f6951846e9bb3b957b65b2d0649b78c59e49ee8a5a061bf9b26e795e4536bf5be32c583dd3fa217a

    Score
    1/10
    • Target

      4690e24ad2ebfc89565f5ddc0b86e1a8f7f570f41e1b5dcab3787e8d8ef025ad

    • Size

      1.7MB

    • MD5

      7047546c86bf0e26cb0dee22f762be68

    • SHA1

      2e8af5ed694f9c0f4a42311644e268c634e5842b

    • SHA256

      4690e24ad2ebfc89565f5ddc0b86e1a8f7f570f41e1b5dcab3787e8d8ef025ad

    • SHA512

      2e617fc9a9355c40ff06f71c1176c16720b9c863ce13688c49ea7345d88ed6d623b312edc76881ec7afae8e2335938b8af83d3180ee48f0a8298551a90ee9d69

    Score
    1/10
    • Target

      6d9db6ba26b1730bf6910456b4a6c25821ddbfe8542bea456a3bbb924ea83524

    • Size

      1.9MB

    • MD5

      5343e92d267c2afec4f27377cd95449a

    • SHA1

      111277ed4286124854b781210a4e78b64e86288d

    • SHA256

      6d9db6ba26b1730bf6910456b4a6c25821ddbfe8542bea456a3bbb924ea83524

    • SHA512

      0a1ddc8ee8600443a7320513d00591173bfd40d6c538f585da84f6807499e04beef6f31a8ad01d5c8cebd67f60b084407ce563a00f9afdd42d37fd873b2f0e4f

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

    • Target

      9c47fe6c8dbedae7d4f92d185d56509f0932e74a5ed9d3a28a4789461968f03e

    • Size

      1.5MB

    • MD5

      a143c89f4ea3dac8b9d2b483100997d8

    • SHA1

      3dfc565d01f7d49f9cd09355377cad7b16277599

    • SHA256

      9c47fe6c8dbedae7d4f92d185d56509f0932e74a5ed9d3a28a4789461968f03e

    • SHA512

      cddb9bcd9437c368043bd92f2a815e322f675ce7db7bda1c7ea4cdac1bf1b22cfb7aaa89cd06dd17f7f74f405320200ec71a14131a5c64502df0fbafdd0e73f5

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Target

      a1db42d46f08b66f80d31f85c0a2ec932da4fca72247eacb0574d391ddd3162a

    • Size

      1.5MB

    • MD5

      901d597ab01c445f3dfb198d9d7a449f

    • SHA1

      b8f5dc7d3e51481c43df6c476c75a0d6c5a470a6

    • SHA256

      a1db42d46f08b66f80d31f85c0a2ec932da4fca72247eacb0574d391ddd3162a

    • SHA512

      f16c9594aa8a7d2f4a1530056c8773b0715ca8e2cdb779830f6b0ef91c7b70751e5048b91b21a5baef12afa6dcbf4f632fe334f056724187c92b8338fea8d677

    Score
    1/10
    • Target

      a798b09ca056657bb97434edf659394d

    • Size

      1.9MB

    • MD5

      a798b09ca056657bb97434edf659394d

    • SHA1

      143280fa164815f73c3c89687e3711f3a3128596

    • SHA256

      2ff619a4b0c109117b73ec22b00cbbbf1c09fe1d8fcedffb4929d07600ad2dbe

    • SHA512

      b8c5928f68aff230547c9b3b39d511cca4a30649b792dcd74ba8bfaff8ddf635c571a7d9396a0a75f930fb08fccd3a96ef24c86df11e56d66f90780ce35b0069

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

    • Target

      b4556fe3a65fd59deebb705c66424a50a07ac077bcff31cae040ea2f5a4f0734

    • Size

      2.8MB

    • MD5

      dcef36616a7b5c2be007d9f47b00d91d

    • SHA1

      2ebbf52f7b7fc44578a2cb34bb04f80bbd3a0229

    • SHA256

      b4556fe3a65fd59deebb705c66424a50a07ac077bcff31cae040ea2f5a4f0734

    • SHA512

      9a164d9a7cfad239041ed15fb601dfb13acc0ae2bbccd446bfb3bb1250b5d38bce8e0c037dc26740d92f3c1ee1ebcdc7144f89ae76242898015640f1a76446b2

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

    • Target

      c8b952f70a8dea0a32c18cf42627c2b8059eb66b1bc3a019a21acf4c9f901d74

    • Size

      1.0MB

    • MD5

      0724d40c6e36fcc9212fb1e31d3c52ef

    • SHA1

      e3feca03d24741fdfc1f9bd53bff9b377e8dab23

    • SHA256

      c8b952f70a8dea0a32c18cf42627c2b8059eb66b1bc3a019a21acf4c9f901d74

    • SHA512

      aedcaca6d3756d6cfc34469a4b29dc052f9f90818abfa68ad3cdd4111b64c24c3ac82cd4e93c7a970d26a84ec1e10dd31289486ca444f1b83825f98a17662a7c

    Score
    1/10
    • Target

      f35818a5851c9a037febbe09cdab1c046a76ce49a3d1af777e504f149144683c

    • Size

      1.5MB

    • MD5

      33e40b860715440a1270b34d1d4d74bc

    • SHA1

      7acce6a71f9646cdb2c396302a4950bc19ac54fa

    • SHA256

      f35818a5851c9a037febbe09cdab1c046a76ce49a3d1af777e504f149144683c

    • SHA512

      5a60be854689509c0a6c9b190c1c841af97a6b8c2a32da2a1414d255ca7a0409b3c940ae46e69e6bf7c4c75a994f16050a576145e3ecebb204bb563b25d979e9

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081), matched by 3 targets

  • Discovery

    System Information Discovery (T1082), matched by 1 target

  • Collection

    Data from Local System (T1005), matched by 3 targets
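Three of the targets above trigger the "Reads user/profile data of web browsers" signature, which the report maps to Credentials in Files (T1081) and Data from Local System (T1005). The script below is an added example, not part of the sandbox report or the sandbox's own detection code: it runs the same kind of check over a constructed list of file-access events (the event schema, process names and browser profile paths are assumptions made for illustration) and emits one verdict per offending process, skipping the browsers' own processes so that Chrome or Firefox reading their own stores does not fire.

```python
"""Flag processes that read browser credential/profile stores from sandbox file events.

Added example; the event format and the artefact paths below are assumptions
for illustration, not taken from the report.
"""
import re
from dataclasses import dataclass

# On-disk stores that infostealers commonly read (assumed paths, lower-cased, backslashes).
BROWSER_STORES = [
    ("Chromium", "saved credentials", re.compile(r"\\user data\\[^\\]+\\login data$")),
    ("Chromium", "cookies",           re.compile(r"\\user data\\[^\\]+\\(network\\)?cookies$")),
    ("Chromium", "autofill",          re.compile(r"\\user data\\[^\\]+\\web data$")),
    ("Firefox",  "saved credentials", re.compile(r"\\profiles\\[^\\]+\\logins\.json$")),
    ("Firefox",  "key database",      re.compile(r"\\profiles\\[^\\]+\\key4\.db$")),
    ("Firefox",  "cookies",           re.compile(r"\\profiles\\[^\\]+\\cookies\.sqlite$")),
]

# Operations that imply the contents were read or copied (assumed sandbox op names).
READ_OPS = {"NtOpenFile", "NtCreateFile", "NtReadFile", "CopyFile"}

# The browsers themselves legitimately touch these files; suppress them.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}


@dataclass(frozen=True)
class Hit:
    pid: int
    process: str
    browser: str
    artefact: str
    path: str


def classify_path(path):
    """Return (browser, artefact) if the path is a known browser store, else None."""
    norm = path.replace("/", "\\").lower()
    for browser, artefact, rx in BROWSER_STORES:
        if rx.search(norm):
            return browser, artefact
    return None


def detect_browser_data_access(events):
    """Each event is a dict: {"pid", "process", "op", "path"}."""
    hits = []
    for ev in events:
        if ev["op"] not in READ_OPS or ev["process"].lower() in BROWSER_PROCESSES:
            continue
        match = classify_path(ev["path"])
        if match:
            hits.append(Hit(ev["pid"], ev["process"], match[0], match[1], ev["path"]))
    return hits


def summarize(hits):
    """One verdict per process, tagged with the two ATT&CK v6 techniques the report uses."""
    per_proc = {}
    for h in hits:
        per_proc.setdefault((h.pid, h.process), set()).add(f"{h.browser}/{h.artefact}")
    return [
        {
            "pid": pid,
            "process": proc,
            "signature": "Reads user/profile data of web browsers",
            "attack": ["T1081", "T1005"],
            "artefacts": sorted(arts),
        }
        for (pid, proc), arts in sorted(per_proc.items())
    ]


# Constructed sample events (not real sandbox output).
SAMPLE_EVENTS = [
    {"pid": 4120, "process": "sample.exe", "op": "NtCreateFile",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "process": "sample.exe", "op": "NtReadFile",
     "path": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json"},
    {"pid": 4120, "process": "sample.exe", "op": "NtReadFile",
     "path": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\key4.db"},
    {"pid": 4120, "process": "sample.exe", "op": "NtWriteFile",
     "path": r"C:\Windows\System32\dropped.dll"},
    {"pid": 1888, "process": "chrome.exe", "op": "NtReadFile",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "process": "sample.exe", "op": "NtReadFile",
     "path": r"C:\Users\user\Documents\notes.txt"},
]

if __name__ == "__main__":
    for verdict in summarize(detect_browser_data_access(SAMPLE_EVENTS)):
        print(verdict)
```

Only the non-browser process that opened the Chrome and Firefox stores is reported; the write to System32 belongs to a different signature ("Drops file in System32 directory") and is ignored here.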

Tasks