37e3b28d98736c416eaa70b8e674ccc676292500642f41d9ff3f46252dc3ce35 | Triage

Submit
Reports

Overview

overview

Static

static

Whiteout G...ut.exe

windows7_x64

7

Whiteout G...ut.exe

windows11_x64

8

Whiteout G...ut.exe

windows10_x64

7

Resubmissions

16-11-2021 20:05

211116-ytx3fsccdk 10

16-11-2021 20:03

211116-ys69qsfch2 10

Sharing

General

Target

Whiteout_GhostClient_Cracked_All_Bypass_2021.rar
Size

27.3MB
Sample

211116-ytx3fsccdk
MD5

11fb7f359717b79421e6b56007f234e1
SHA1

0a331701cb8e37bdfb4ba9012dbd2ab0b6a42450
SHA256

37e3b28d98736c416eaa70b8e674ccc676292500642f41d9ff3f46252dc3ce35
SHA512

d9a5844736e1e9575d43bbfeb7b73c2bb703d75b2e9c86d08b044995e57254587a601deb56c8751d8163767c04fc03d6f333e7c4f163dd6ca1bb0fd765d8d52f

Score

10^/10

persistence pyinstaller spyware stealer trojan

Static task

static1

pyinstaller trojan stealer

Behavioral task

behavioral1

Sample

Whiteout GhostClient Cracked (All Bypass) 2021/Whiteout vX Cracked/Whiteout.exe

Resource

win7-en-20211014

spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Whiteout GhostClient Cracked (All Bypass) 2021/Whiteout vX Cracked/Whiteout.exe

Resource

win11

persistence spyware stealer

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Whiteout GhostClient Cracked (All Bypass) 2021/Whiteout vX Cracked/Whiteout.exe

Resource

win10-en-20211014

spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Whiteout GhostClient Cracked (All Bypass) 2021/Whiteout vX Cracked/Whiteout.exe
- Size
  
  13.5MB
- MD5
  
  19542b787bc19a1dbc551782c055efc4
- SHA1
  
  803f21c2eb18367f8ffe9568a2bf2c3618d62b92
- SHA256
  
  333fa9832e368506d04a7a634d30bf352689ddecdbadad415102816d1931c3e6
- SHA512
  
  02008d99a13c2ef419518e3d2845c53e9a60b9aaca87e328058613606a6fb61d9bcbd55cfe09fb522643d726b787f7711362a0b92158e50341908ed7619d81e9
Score

8^/10

spyware stealer persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

pyinstallertrojanstealer

behavioral1

behavioral2

persistencespywarestealer

behavioral3

© 2018-2024

Terms | Privacy