0c386b61b2fd8ca2baa9da1efc2510632d7f064905ae736db8cd4d43b0684488

General

Target

temp.zip
Size

4.2MB
Sample

211025-2vmjwshegj
MD5

2214066342a88ecbf92ad3486f7c6836
SHA1

e3aed7bf6bb76973c7e13033d4f3cc7d0785ee13
SHA256

0c386b61b2fd8ca2baa9da1efc2510632d7f064905ae736db8cd4d43b0684488
SHA512

bf246a0cc5020b2d80d929ed31c80a57752171751ad5564d2e5e5c9a9ebb58ced79f61bdf3f79c2e3f4de4ccbe60c80e304d76489dba8b134b0d3266d012d84f

Score

10^/10

Malware Config

Targets

- Target
  
  SplitBot.exe
- Size
  
  4.3MB
- MD5
  
  4e2835daca8a52e01540a596b5b57763
- SHA1
  
  bf9c98fb338e332081a6324d882f4769956b3cd8
- SHA256
  
  7c3c10637adb941c20d60062422812830a040172ad939c5d8ad24f6a18f6b34d
- SHA512
  
  633bd6eb1c117c772de389be8cc86766c56577375bdf8d954a3b8a878e354cc9328b02e414bcc1443694547bae91b3003ea8b0c8274c74e6ec0b683584933c16
Score

1^/10
behavioral1 behavioral2
- Target
  
  driver.sys
- Size
  
  8KB
- MD5
  
  19afd57d491ffa9437f934191aaab452
- SHA1
  
  02bdd12ea02890b667e23defbc7fbb8a8eab73d0
- SHA256
  
  ff9a7656d32450b73b24db00a36b25f6ac960ef9d70ad6ce0335bf4d821f89d6
- SHA512
  
  596f55714aacccb31c35f7d0416550e62e91908da4795ed2534cd723dc700278a0c382f00cb46628c573eea5b886217695782f3a308db01bc7c06a8f6214e01e
Score

10^/10

persistence spyware stealer suricata
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE DCRAT Activity (GET)
  suricata: ET MALWARE DCRAT Activity (GET)
  suricata
- Executes dropped EXE
- Sets service image path in registry
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4