Overview

overview

8

Static

static

88f2cada2e...65.exe

windows7_x64

8

88f2cada2e...65.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    88f2cada2e0243ba55d434a87a204265

  • Size

    1.1MB

  • Sample

    210621-4qw6q69b4n

  • MD5

    88f2cada2e0243ba55d434a87a204265

  • SHA1

    7ca8b579078e01f561ca8a1b5879c1380d220737

  • SHA256

    6d4e6d54d7fb566e6887ce79f7d65c151b3092260cc7fef21dc60d46a265b4ff

  • SHA512

    ee94319550af8d7c833b68aae939cfdae7bc82462d2ce400670b346c47ca83b590705b3ae60e50aeeccb9f5e6286ea3b35711c3a13da5a339d41a49627bc5eb8

Score
8/10
discoveryspywarestealer

Malware Config

Targets

    • Target

      88f2cada2e0243ba55d434a87a204265

    • Size

      1.1MB

    • MD5

      88f2cada2e0243ba55d434a87a204265

    • SHA1

      7ca8b579078e01f561ca8a1b5879c1380d220737

    • SHA256

      6d4e6d54d7fb566e6887ce79f7d65c151b3092260cc7fef21dc60d46a265b4ff

    • SHA512

      ee94319550af8d7c833b68aae939cfdae7bc82462d2ce400670b346c47ca83b590705b3ae60e50aeeccb9f5e6286ea3b35711c3a13da5a339d41a49627bc5eb8

    Score
    8/10
    discoveryspywarestealer

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks