25cd127b9d559d6754269ecc116d35be66aca027640bcd71a836567c32b946c5

General

Target

1b8bf38e83c31c76c7dd00088ac0922d.exe
Size

1.6MB
MD5

1b8bf38e83c31c76c7dd00088ac0922d
SHA1

1bc87682b1518b398ee7eacc4c8e4370b18d359e
SHA256

25cd127b9d559d6754269ecc116d35be66aca027640bcd71a836567c32b946c5
SHA512

8e36767cc8a6967303e50ff4ec324ca4457503a8ed0c68eab5da1d4c0e3ced9d95a0697649a4ef762463c930d78e4751a990801491f11ed3ae26db30169ac6b3

Score

9^/10

discovery evasion spyware stealer trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

1b8bf38e83c31c76c7dd00088ac0922d.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1b8bf38e83c31c76c7dd00088ac0922d.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1b8bf38e83c31c76c7dd00088ac0922d.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

1b8bf38e83c31c76c7dd00088ac0922d.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1b8bf38e83c31c76c7dd00088ac0922d.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

1b8bf38e83c31c76c7dd00088ac0922d.exe

pid process

960 1b8bf38e83c31c76c7dd00088ac0922d.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

1b8bf38e83c31c76c7dd00088ac0922d.exe

description pid process

Token: SeDebugPrivilege 960 1b8bf38e83c31c76c7dd00088ac0922d.exe

pid	process
960	1b8bf38e83c31c76c7dd00088ac0922d.exe

description	pid	process
Token: SeDebugPrivilege	960	1b8bf38e83c31c76c7dd00088ac0922d.exe

C:\Users\Admin\AppData\Local\Temp\1b8bf38e83c31c76c7dd00088ac0922d.exe
"C:\Users\Admin\AppData\Local\Temp\1b8bf38e83c31c76c7dd00088ac0922d.exe"
1⤵
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:960

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

3

T1012

Virtualization/Sandbox Evasion

1

T1497

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-54-0x00000000762C1000-0x00000000762C3000-memory.dmp

Filesize
8KB

Download
memory/960-56-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/960-55-0x0000000000380000-0x00000000003E0000-memory.dmp

Filesize
384KB

Download
memory/960-57-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/960-58-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/960-59-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download
memory/960-60-0x0000000002800000-0x0000000002801000-memory.dmp

Filesize
4KB

Download
memory/960-61-0x00000000027F0000-0x00000000027F1000-memory.dmp

Filesize
4KB

Download
memory/960-64-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/960-63-0x0000000000400000-0x000000000082C000-memory.dmp

Filesize
4.2MB

Download
memory/960-62-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/960-65-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/960-66-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-67-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-69-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-68-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-70-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/960-71-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/960-72-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/960-73-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/960-75-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/960-74-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/960-76-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-78-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/960-77-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-79-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/960-81-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/960-82-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/960-80-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/960-83-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/960-85-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-84-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/960-87-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-86-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-88-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-89-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/960-91-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/960-90-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/960-93-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/960-92-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/960-95-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/960-94-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/960-97-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/960-96-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/960-98-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/960-100-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/960-99-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/960-101-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download
memory/960-102-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/960-103-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/960-104-0x0000000000400000-0x000000000082C000-memory.dmp

Filesize
4.2MB

Download
memory/960-105-0x0000000000400000-0x000000000082C000-memory.dmp

Filesize
4.2MB

Download
memory/960-106-0x0000000005B20000-0x0000000005B21000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads