General

  • Target

    e90981b9b7785da5ad7d0322a45c1cbbc2592aa404ffa51d97b12a950b030589

  • Size

    2.6MB

  • Sample

    210513-hg8see36n2

  • MD5

    b9778cfed374bca17cb377d2013f7354

  • SHA1

    97f509d17326ef9be6392cd103b64b469bef6a68

  • SHA256

    e90981b9b7785da5ad7d0322a45c1cbbc2592aa404ffa51d97b12a950b030589

  • SHA512

    f5ec5cdccb1658f0ad9c783ae502e42a5af0e43a42201a8cafdfa452266e06d978781fc0aebce332b5acbbab7031bf15b2882497f454502e59e932fae730a6ff

Malware Config

Targets


    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 2
    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 2

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 2

  • Collection

    Data from Local System (T1005): 1

Tasks