Overview

overview

10

Static

static

98c9398c95...86.exe

windows7_x64

10

98c9398c95...86.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    98c9398c958e6b0280c15108cde96186

  • Size

    1.2MB

  • Sample

    211025-tx31nahcdj

  • MD5

    98c9398c958e6b0280c15108cde96186

  • SHA1

    9a34f808c61266af8bcc323c749a37508bb36f5d

  • SHA256

    530e60117af681ba636ba03254c06041e865afa3f9cf1596ced6d59d58bdb1b8

  • SHA512

    502dfc6fec14ca4b136220ea224a7b0ac017758b615d7424c0e972c42962edaf137c69610a0486f08cffb59255ab700e4c55afcf41680d6a6f70d4485ae40344

Score
10/10
spywarestealersuricata

Malware Config

Targets

    • Target

      98c9398c958e6b0280c15108cde96186

    • Size

      1.2MB

    • MD5

      98c9398c958e6b0280c15108cde96186

    • SHA1

      9a34f808c61266af8bcc323c749a37508bb36f5d

    • SHA256

      530e60117af681ba636ba03254c06041e865afa3f9cf1596ced6d59d58bdb1b8

    • SHA512

      502dfc6fec14ca4b136220ea224a7b0ac017758b615d7424c0e972c42962edaf137c69610a0486f08cffb59255ab700e4c55afcf41680d6a6f70d4485ae40344

    Score
    10/10
    spywarestealersuricata

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata

    • suricata: ET MALWARE Win32/Voltron/Spectre Stealer Checkin Activity (GET)

      suricata: ET MALWARE Win32/Voltron/Spectre Stealer Checkin Activity (GET)

      suricata

    • suricata: ET MALWARE Win32/Voltron/Spectre Stealer CnC Activity (POST)

      suricata: ET MALWARE Win32/Voltron/Spectre Stealer CnC Activity (POST)

      suricata

    • suricata: ET MALWARE Win32/Voltron/Spectre Stealer Download Activity (GET)

      suricata: ET MALWARE Win32/Voltron/Spectre Stealer Download Activity (GET)

      suricata

    • suricata: ET MALWARE Win32/Voltron/Spectre Stealer Sending OS Information (POST)

      suricata: ET MALWARE Win32/Voltron/Spectre Stealer Sending OS Information (POST)

      suricata

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks