Overview

overview

10

Static

static

10

Mr4X5srRQR...AN.exe

windows10_x64

10

OEmxRS9Uai...jI.exe

windows10_x64

10

OvVYhhgvd6...oB.exe

windows10_x64

9

QKvpJeDIaP...YY.exe

windows10_x64

9

QwnNK2SHck...xe.xml

windows10_x64

1

QxZsdXOO8X...jN.exe

windows10_x64

10

QzUu4XgUxQ...C3.exe

windows10_x64

10

SHSPDO6BYD...j9.exe

windows10_x64

10

SqCuVl85T1...Di.exe

windows10_x64

10

T8Ulrjj8F6..._x.exe

windows10_x64

10

Trj0QcTNVE...S9.exe

windows10_x64

10

Uwc7l02Hzj...tU.exe

windows10_x64

6

VoTrXaqIJ3...LW.exe

windows10_x64

10

Wp77te7Dqj...Hr.exe

windows10_x64

9

XOCYAkm_Nn...Q3.exe

windows10_x64

9

Xd_XnNqsZT...Ai.exe

windows10_x64

10

Xr9ca9oQNQ...Z9.exe

windows10_x64

9

XukfUfK8HA...FI.exe

windows10_x64

8

YPTXDeqMC1...ns.exe

windows10_x64

8

ma_5nZD3yo...xT.exe

windows10_x64

10

pnDF_dk604...fi.exe

windows10_x64

10

q_TzaanAkp...91.exe

windows10_x64

9

rgVakr0Eru...xw.exe

windows10_x64

10

t1fkwFYUEZ...r4.exe

windows10_x64

10

tC6gdsFTgl...3x.exe

windows10_x64

10

tGeiUalbSc...xe.xml

windows10_x64

1

uMWmES83od...kJ.exe

windows10_x64

10

v5n1HuUxta...Iu.exe

windows10_x64

10

wTzxLyAQL7...bA.exe

windows10_x64

6

xiGD01oEkh...VJ.exe

windows10_x64

10

yBqNUgvOW6...Fb.exe

windows10_x64

10

Analysis

  • max time kernel
    251s
  • max time network
    264s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    23-08-2021 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XOCYAkm_NnnfPmgVDNgu9MQ3.exe

  • Size

    5.3MB

  • MD5

    083da7bfea93dcaac5ca4c910c0c9636

  • SHA1

    5d94f9e397441ee8bb733122f9dce827b80f7e96

  • SHA256

    c06817143741717add66241dcd4f1b6ce497c6242d78793a69661b47a3796535

  • SHA512

    067b5940f3c04bbe908e978b735818cc6e46f8a34a6dfffdf63eca062b855d19a83f12e351dcb5da81464981771bb2a717d39bed9abdd96087cf4cd2996b31b5

Score
9/10
discoveryevasionspywarestealerthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XOCYAkm_NnnfPmgVDNgu9MQ3.exe
    "C:\Users\Admin\AppData\Local\Temp\XOCYAkm_NnnfPmgVDNgu9MQ3.exe"
    1⤵
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2116

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2116-114-0x0000000077D70000-0x0000000077EFE000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2116-116-0x0000000000F30000-0x0000000000F31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-118-0x0000000005E70000-0x0000000005E71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-119-0x0000000006980000-0x0000000006981000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-120-0x0000000005A10000-0x0000000005A11000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-121-0x0000000003730000-0x0000000003731000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-122-0x0000000005CA0000-0x0000000005CA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-123-0x00000000063B0000-0x00000000063B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-124-0x0000000005970000-0x0000000005E6E000-memory.dmp
    Filesize

    5.0MB

    Download
  • memory/2116-125-0x00000000064F0000-0x00000000064F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-126-0x0000000008D30000-0x0000000008D31000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-127-0x0000000009430000-0x0000000009431000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-128-0x0000000008F00000-0x0000000008F01000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-129-0x0000000008FA0000-0x0000000008FA1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-130-0x00000000092F0000-0x00000000092F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2116-131-0x0000000009360000-0x0000000009361000-memory.dmp
    Filesize

    4KB

    Download