Resubmissions

18-02-2022 07:34  220218-jea7tadbcq  score 8

18-02-2022 07:13  220218-h2b7yschgj  score 8

General

  • Target

    Sample(s).rar

  • Size

    336KB

  • Sample

    220218-jea7tadbcq

  • MD5

    dd7758ee9e1d628dfa639554638d31a4

  • SHA1

    f4eca15e1bd6455b31b98390ac3c8ce8b5917c66

  • SHA256

    c6079f689a8a692799e84ae1fbb1341d1ee5519e89cc5a622f315da8e651abeb

  • SHA512

    6b031a7fe68c36efe5b72cbec26eef552f0fb8738e672c779b023bc2f751384212e6df4f0298db053ba315af3cde9dc18a0824386e80790c42e2b2746fd2e3ec

Score
8/10

Malware Config

Targets

    • Target

      Myou.dll

    • Size

      30KB

    • MD5

      313bc92dce801c2ec316c57ea74dd92a

    • SHA1

      dd13b2799a9ecea34c29aeffba8ffee5a85d10c6

    • SHA256

      467e0dce7deac627f86ce46aa0ec23b0265da45dc85564a71cf10bf676f84a6f

    • SHA512

      442559f5dc67fc27dfeff9fad504cd5cab577b21df20e9c7853a79e7d7c12fe4063cbe3b91ef8444467e96d6dc500a3f6baf7c65ac405de364d94d6a7ad32b1c

    Score
    1/10

    • Target

      csrts.exe

    • Size

      498KB

    • MD5

      aa877144edcef2e8d5a8d37d7ea0d4b6

    • SHA1

      865fe61d037b67841c36468a9e7af15656621abc

    • SHA256

      3dca9bd1af28bbf348c0562475edd60de2b5a2424e586eaf118909b013054eee

    • SHA512

      300386cf27f163867e5448acb6119ef774d9ebf4e3702ff8ceb578477c583982151f95d21ac0ec2979b72034d51fae244eca37ba60256334cee42926cdcbad6b

    Score
    8/10

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Credential Access

  • Credentials in Files (T1081): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Collection

  • Data from Local System (T1005): 1
