Analysis
-
max time kernel
102s -
max time network
119s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
07-06-2021 14:36
General
-
Target
StubV4.exe
-
Size
121KB
-
MD5
b28520a52116f6d4aff843821f12def0
-
SHA1
ce4c528523eefd7feea36a878d7870965834baec
-
SHA256
24d1536cab85c5b987c854fa774c874137d43f310045c41de9a41a0abd042264
-
SHA512
8d1c227a1e99570a7206ed490b6eda6b2780efc0595c9fce8266e3ccbf73ec85584efe763457f670c5c7e497b236efb2ddac75fd1823fa5fd3aeec81158a344e
Score
7/10
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\StubV4.exe"C:\Users\Admin\AppData\Local\Temp\StubV4.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4068-114-0x0000000000770000-0x0000000000771000-memory.dmpFilesize
4KB
-
memory/4068-116-0x000000001B320000-0x000000001B322000-memory.dmpFilesize
8KB
-
memory/4068-117-0x000000001BF30000-0x000000001BF31000-memory.dmpFilesize
4KB