Overview

overview

10

Static

static

svchost.exe_.exe

windows7_x64

10

svchost.exe_.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    svchost.exe_

  • Size

    2.8MB

  • Sample

    211005-xdvfysacb3

  • MD5

    9f3b563a15c52fc14740c08c02072953

  • SHA1

    0e0fcb44567c9ef2ce82a1e00e734e1cad402372

  • SHA256

    b9318666f15be8c73f3014e7abaa6337e5ca53fe5263e2f5b64cd2ad435d21eb

  • SHA512

    2224565155f127cb7353e1be06dbb47db74ed0c4bde989f2746470c9385558439299acfaa1375ee19adbec2ae0686c79ff7b30c580823bae3c2057fb7580038d

Score
10/10
vkeyloggerkeyloggerpersistencestealer

Malware Config

Targets

    • Target

      svchost.exe_

    • Size

      2.8MB

    • MD5

      9f3b563a15c52fc14740c08c02072953

    • SHA1

      0e0fcb44567c9ef2ce82a1e00e734e1cad402372

    • SHA256

      b9318666f15be8c73f3014e7abaa6337e5ca53fe5263e2f5b64cd2ad435d21eb

    • SHA512

      2224565155f127cb7353e1be06dbb47db74ed0c4bde989f2746470c9385558439299acfaa1375ee19adbec2ae0686c79ff7b30c580823bae3c2057fb7580038d

    Score
    10/10
    vkeyloggerkeyloggerpersistencestealer

    • VKeylogger

      A keylogger first seen in Nov 2020.

      stealerkeyloggervkeylogger

    • VKeylogger Payload

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Process Discovery

1
T1057

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks