64053908fcf7f49b000761602ecadd42a40b5d163c95e73b833cf2fd2ba183a2 | Triage

Submit
Reports

Overview

overview

8

Static

static

a6936625e7...5f.exe

windows7_x64

8

a6936625e7...5f.exe

windows10_x64

8

Sharing

General

Target

a6936625e74d09e2118a9b0a475bf9391495f047f046f7b63cfc319adebbc25f.7z
Size

5.0MB
Sample

211028-vasf3sgfhq
MD5

f44e563507061e74b0ec98531f4f9a0c
SHA1

eae6214c4ed87f453b0667d46315d8a559fa1e8b
SHA256

64053908fcf7f49b000761602ecadd42a40b5d163c95e73b833cf2fd2ba183a2
SHA512

57ebc96ee78df1309e9a5aee9278112b1e10222e1a6acf93def937cb2ff5f40e1fee073bf5a9f55111eff0240d394070536619f7180a736c9d11e3a2d527cd55

Score

8^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a6936625e74d09e2118a9b0a475bf9391495f047f046f7b63cfc319adebbc25f.exe

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a6936625e74d09e2118a9b0a475bf9391495f047f046f7b63cfc319adebbc25f.exe

Resource

win10-en-20211014

discovery persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a6936625e74d09e2118a9b0a475bf9391495f047f046f7b63cfc319adebbc25f
- Size
  
  5.5MB
- MD5
  
  d07ccea4f401887ff1106c08c42e8110
- SHA1
  
  79510087ee93e64cbbcb930ef6e61e620d619539
- SHA256
  
  a6936625e74d09e2118a9b0a475bf9391495f047f046f7b63cfc319adebbc25f
- SHA512
  
  96841848dafa59b9dc1f963c04550e72b2bb8a30818f90c639b2aff5978322b077c84bea0204b6027fc591f9914f9df8e5a4cac13e7059eba9795dc261b03e1a
Score

8^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy