8dca2819e4395eb497f4246dc808a5efb1cd805a70825bda636240facd8dd66c | Triage

Submit
Reports

Overview

overview

Static

static

f88c058646...f7.exe

windows7_x64

f88c058646...f7.exe

windows10_x64

Sharing

General

Target

f88c058646225de6e3cddc39ea0c9ff7
Size

1.4MB
Sample

211025-wpq28shdck
MD5

f88c058646225de6e3cddc39ea0c9ff7
SHA1

a7987fab49ee81b9a86965bd6dbd14bc0140a27c
SHA256

8dca2819e4395eb497f4246dc808a5efb1cd805a70825bda636240facd8dd66c
SHA512

c6a7a330372ce389758e4339954b248e825df0b8872f01993aa547fba816fbaa91086d61f30fdaf25bd35ff0bbe550ccc4b73c5b061916a62a2380b9ced9352f

Score

10^/10

spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

f88c058646225de6e3cddc39ea0c9ff7.exe

Resource

win7-en-20211014

spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f88c058646225de6e3cddc39ea0c9ff7.exe

Resource

win10-en-20211014

spyware stealer suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f88c058646225de6e3cddc39ea0c9ff7
- Size
  
  1.4MB
- MD5
  
  f88c058646225de6e3cddc39ea0c9ff7
- SHA1
  
  a7987fab49ee81b9a86965bd6dbd14bc0140a27c
- SHA256
  
  8dca2819e4395eb497f4246dc808a5efb1cd805a70825bda636240facd8dd66c
- SHA512
  
  c6a7a330372ce389758e4339954b248e825df0b8872f01993aa547fba816fbaa91086d61f30fdaf25bd35ff0bbe550ccc4b73c5b061916a62a2380b9ced9352f
Score

10^/10

spyware stealer suricata
- suricata: ET MALWARE Win32/Voltron/Spectre Stealer Checkin Activity (GET)
  suricata: ET MALWARE Win32/Voltron/Spectre Stealer Checkin Activity (GET)
  suricata
- suricata: ET MALWARE Win32/Voltron/Spectre Stealer CnC Activity (POST)
  suricata: ET MALWARE Win32/Voltron/Spectre Stealer CnC Activity (POST)
  suricata
- suricata: ET MALWARE Win32/Voltron/Spectre Stealer Download Activity (GET)
  suricata: ET MALWARE Win32/Voltron/Spectre Stealer Download Activity (GET)
  suricata
- suricata: ET MALWARE Win32/Voltron/Spectre Stealer Sending OS Information (POST)
  suricata: ET MALWARE Win32/Voltron/Spectre Stealer Sending OS Information (POST)
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarestealersuricata

behavioral2

spywarestealersuricata

© 2018-2024

Terms | Privacy