223160a552cbf409f2d6dd87ddec5ee75592c53bace88f2dccc827c9e80f7f53 | Triage

Submit
Reports

Overview

overview

Static

static

7ea65c1cb2...13.exe

windows7_x64

3

7ea65c1cb2...13.exe

windows10-2004_x64

Resubmissions

17-06-2022 20:32

220617-zbrndsdcbm 10

21-04-2022 11:13

220421-nbs1nsafcm 8

04-03-2022 09:30

220304-lgv14sebh5 3

03-03-2022 14:25

220303-rrg5wsdbej 10

Sharing

General

Target

5709440755597312.zip
Size

913KB
Sample

220303-rrg5wsdbej
MD5

8d03da4b98abf115bb49af90ab59cc2e
SHA1

1fa0ee6c14dde6f0712fb52eb3a13084fb6201f5
SHA256

223160a552cbf409f2d6dd87ddec5ee75592c53bace88f2dccc827c9e80f7f53
SHA512

7b1b514233c720f9e12f57c90cc0f106452e78410944317df17df7539c2946a6c184527579d2d7e6f9cc8bd445d76d3c5caf909b6a8a0fa0da2521c430ec294f

Score

10^/10

collection discovery spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

7ea65c1cb2687be42f427571e3223e425d602d043c39f690d0c3c42309aff513.exe

Resource

win7-20220223-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7ea65c1cb2687be42f427571e3223e425d602d043c39f690d0c3c42309aff513.exe

Resource

win10v2004-en-20220113

collection discovery spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7ea65c1cb2687be42f427571e3223e425d602d043c39f690d0c3c42309aff513
- Size
  
  2.3MB
- MD5
  
  daaefbd8d541235a00593af2bb5a3e27
- SHA1
  
  428bb7e395f87070d55ef7fa08fe8296d640c20f
- SHA256
  
  7ea65c1cb2687be42f427571e3223e425d602d043c39f690d0c3c42309aff513
- SHA512
  
  ed59e719c3de251c456e1a5e8805bdae302440b03e31959ec16088f0a6a725d1f374d6fa6a7b61ecd0f83e7da4e818ea83d32d48374981b94e3071c1c0a10669
Score

10^/10

collection discovery spyware stealer suricata
- suricata: ET MALWARE Danabot Key Exchange Request
  suricata: ET MALWARE Danabot Key Exchange Request
  suricata
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

collectiondiscoveryspywarestealersuricata

© 2018-2024

Terms | Privacy