Resubmissions

  • 27-07-2021 18:43  210727-wfwvz4lx7a  7
  • 27-07-2021 18:40  210727-gwaegel7nx  7

General

  • Target: sovkey.exe
  • Size: 51.6MB
  • Sample: 210727-wfwvz4lx7a
  • MD5: ee299adc0b6ba8095951322881ec0667
  • SHA1: 5e4184bf0a42415007c561cbf0c19a0e7791fccf
  • SHA256: c4929a0715f37aeab16544ae3a8735cff6d8225a328112fd2c69786c6681a411
  • SHA512: 1f49c8e58fecd5c4950afff60c636cc2020f9804e903013bb6f8859d7af8f5de2f311aed9f029ac9eea8c39eada53f7ef22c26647599e193695d2dc00eb346ca

Malware Config

Targets

    Score: 7/10
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access: Credentials in Files (T1081): 1
  • Collection: Data from Local System (T1005): 1

Tasks