Overview

overview

10

Static

static

10

AntiPublic.exe

windows7_x64

10

AntiPublic.exe

windows10_x64

10

Resubmissions

17-07-2021 02:00

210717-6br9ezqcla 10

17-07-2021 01:54

210717-da4l3zkc22 10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    17-07-2021 02:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AntiPublic.exe

  • Size

    449KB

  • MD5

    b3102c8ff03714b22e9408fcf3d63ade

  • SHA1

    22da268e12c894698d4cf7cd6c4f69762ff68c4a

  • SHA256

    fd492b317c4004ce5046da22cbd0f14a698dec548eff87eee4f062284bf41505

  • SHA512

    f8231bc2b6a81861a6890416568bdb7e0268c01b5083c5f6990abf66cf7f3109a6e5e72e011374d43cec0951f10521e6384fb6a4a3c22e012515a535b593e144

Score
10/10
elysiumstealerstealer

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    stealerelysiumstealer
  • ElysiumStealer Payload 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AntiPublic.exe
    "C:\Users\Admin\AppData\Local\Temp\AntiPublic.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1948 -s 600
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1252-66-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1252-67-0x0000000001C00000-0x0000000001C01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1948-62-0x00000000001D0000-0x00000000001D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1948-60-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1948-64-0x000000001AFE0000-0x000000001AFE2000-memory.dmp

    Filesize

    8KB

    Download