9ba5de063e64a823aaaa28caf5948e018555fad03a1ff1c0a2a8fba9470fbbd1 | Triage

Submit
Reports

Overview

overview

9

Static

static

fae43452c2...5a.exe

windows7_x64

fae43452c2...5a.exe

windows10_x64

9

Sharing

General

Target

fae43452c24227f9acb314d82c4cb45a
Size

15.6MB
Sample

210624-xsy35r6ezs
MD5

fae43452c24227f9acb314d82c4cb45a
SHA1

7465d5fdf59f0a0a9ec2d21aae6647e4c703f983
SHA256

9ba5de063e64a823aaaa28caf5948e018555fad03a1ff1c0a2a8fba9470fbbd1
SHA512

b163aaa286b7817a942ae308351e01532c573803a7c41d3fd31707a8bb9fac2d4d5ecc12186689af8ecb3e9d9802b24cf271da537fe75420586fa8306fb3b6a2

Score

9^/10

discovery exploit spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fae43452c24227f9acb314d82c4cb45a.exe

Resource

win7v20210410

discovery exploit spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fae43452c24227f9acb314d82c4cb45a.exe

Resource

win10v20210408

discovery exploit spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fae43452c24227f9acb314d82c4cb45a
- Size
  
  15.6MB
- MD5
  
  fae43452c24227f9acb314d82c4cb45a
- SHA1
  
  7465d5fdf59f0a0a9ec2d21aae6647e4c703f983
- SHA256
  
  9ba5de063e64a823aaaa28caf5948e018555fad03a1ff1c0a2a8fba9470fbbd1
- SHA512
  
  b163aaa286b7817a942ae308351e01532c573803a7c41d3fd31707a8bb9fac2d4d5ecc12186689af8ecb3e9d9802b24cf271da537fe75420586fa8306fb3b6a2
Score

9^/10

discovery exploit spyware stealer
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitspywarestealer

behavioral2

discoveryexploitspywarestealer

© 2018-2024

Terms | Privacy