Overview

overview

8

Static

static

308da60a_w...Oq.exe

windows7_x64

8

308da60a_w...Oq.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    308da60a_wxBOPXvJOq

  • Size

    1.6MB

  • Sample

    210830-2v42y6bds6

  • MD5

    308da60a9996a07824a1a1ce3a994d05

  • SHA1

    24828b0bbbe4b975e2d73cfbcd6633113145b2f9

  • SHA256

    1a1bf81f4a5d156c4c4ad16bd5f8ea3b2ea8c759b3e1fcbb47945f5c9039ff94

  • SHA512

    84a3da30d8ae3891e1b9f0c24de612922512f39c94a743fea2a287a2299df6ceaaedb42b70ec18b1481e2b3c97a9021c83c7722d2521b47c19005ce4523b3afe

Score
8/10
discoveryevasionspywarestealertrojan

Malware Config

Targets

    • Target

      308da60a_wxBOPXvJOq

    • Size

      1.6MB

    • MD5

      308da60a9996a07824a1a1ce3a994d05

    • SHA1

      24828b0bbbe4b975e2d73cfbcd6633113145b2f9

    • SHA256

      1a1bf81f4a5d156c4c4ad16bd5f8ea3b2ea8c759b3e1fcbb47945f5c9039ff94

    • SHA512

      84a3da30d8ae3891e1b9f0c24de612922512f39c94a743fea2a287a2299df6ceaaedb42b70ec18b1481e2b3c97a9021c83c7722d2521b47c19005ce4523b3afe

    Score
    8/10
    discoveryspywarestealerevasiontrojan

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks