Overview

overview

10

Static

static

10

AntiPublic.exe

windows7_x64

10

AntiPublic.exe

windows10_x64

10

Analysis

  • max time kernel
    111s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    17-07-2021 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AntiPublic.exe

  • Size

    449KB

  • MD5

    b3102c8ff03714b22e9408fcf3d63ade

  • SHA1

    22da268e12c894698d4cf7cd6c4f69762ff68c4a

  • SHA256

    fd492b317c4004ce5046da22cbd0f14a698dec548eff87eee4f062284bf41505

  • SHA512

    f8231bc2b6a81861a6890416568bdb7e0268c01b5083c5f6990abf66cf7f3109a6e5e72e011374d43cec0951f10521e6384fb6a4a3c22e012515a535b593e144

Score
10/10
elysiumstealerstealer

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    stealerelysiumstealer
  • ElysiumStealer Payload 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AntiPublic.exe
    "C:\Users\Admin\AppData\Local\Temp\AntiPublic.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:772
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 772 -s 596
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/772-60-0x00000000011B0000-0x00000000011B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/772-62-0x00000000003D0000-0x00000000003D6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/772-66-0x000000001ADE0000-0x000000001ADE2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2024-65-0x000007FEFC181000-0x000007FEFC183000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2024-67-0x0000000001CE0000-0x0000000001CE1000-memory.dmp

    Filesize

    4KB

    Download