s.exe
General
Target
Size
Sample
s.exe
8KB
220120-k6zvxshce4
Score
10 /10
MD5
SHA1
SHA256
SHA512
9117ec9c09a548e549b5a85431d621ae
d7bf8b631eb814a0d41318fe3d97c45264739e19
5beb552d751f5866dece29a1a6d17ed03f71870161b8d6d07882883359da6e3f
2f4b71e44a979f2d343f76af85868740608178a4c21f0e87ec63f0f9077517c8894db85ec4f6084980e061ce8eeef011decf31cb7f9d0d636c0c34d43aa9d59b
Malware Config
Extracted
| Credentials |
Protocol: smtp Host: smtp.gmail.com Port: 587 Username: mnayarhaytham2022@gmail.com Password: mayarhaytham0106214438 |
Targets
Target
MD5
Filesize
s.exe
9117ec9c09a548e549b5a85431d621ae
8KB
Score
10/10
SHA1
SHA256
SHA512
d7bf8b631eb814a0d41318fe3d97c45264739e19
5beb552d751f5866dece29a1a6d17ed03f71870161b8d6d07882883359da6e3f
2f4b71e44a979f2d343f76af85868740608178a4c21f0e87ec63f0f9077517c8894db85ec4f6084980e061ce8eeef011decf31cb7f9d0d636c0c34d43aa9d59b
Tags
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Nirsoft
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks BIOS information in registry
Description
BIOS information is often read in order to detect sandboxing environments.
TTPs
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Description
Infostealers often target stored browser data, which can include saved credentials etc.
Tags
TTPs
-
Themida packer
Description
Detects Themida, an advanced Windows software protection system.
Tags
-
Checks whether UAC is enabled
Tags
TTPs
-
Legitimate hosting services abused for malware hosting/C2
TTPs
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks