s.exe

General
Target

s.exe

Size

8KB

Sample

220120-k6zvxshce4

Score
10 /10
MD5

9117ec9c09a548e549b5a85431d621ae

SHA1

d7bf8b631eb814a0d41318fe3d97c45264739e19

SHA256

5beb552d751f5866dece29a1a6d17ed03f71870161b8d6d07882883359da6e3f

SHA512

2f4b71e44a979f2d343f76af85868740608178a4c21f0e87ec63f0f9077517c8894db85ec4f6084980e061ce8eeef011decf31cb7f9d0d636c0c34d43aa9d59b

Malware Config

Extracted

Credentials

Protocol: smtp

Host: smtp.gmail.com

Port: 587

Username: mnayarhaytham2022@gmail.com

Password: mayarhaytham0106214438

Targets
Target

s.exe

MD5

9117ec9c09a548e549b5a85431d621ae

Filesize

8KB

Score
10/10
SHA1

d7bf8b631eb814a0d41318fe3d97c45264739e19

SHA256

5beb552d751f5866dece29a1a6d17ed03f71870161b8d6d07882883359da6e3f

SHA512

2f4b71e44a979f2d343f76af85868740608178a4c21f0e87ec63f0f9077517c8894db85ec4f6084980e061ce8eeef011decf31cb7f9d0d636c0c34d43aa9d59b

Tags

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    Tags

    TTPs

    Query RegistryVirtualization/Sandbox Evasion
  • Nirsoft

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks BIOS information in registry

    Description

    BIOS information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistrySystem Information Discovery
  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Themida packer

    Description

    Detects Themida, an advanced Windows software protection system.

    Tags

  • Checks whether UAC is enabled

    Tags

    TTPs

    System Information Discovery
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
                Privilege Escalation
                  Tasks

                  static1

                  behavioral2

                  1/10