Overview

overview

10

Static

static

10

1664220f84...19.exe

windows7_x64

10

1664220f84...19.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    06-03-2022 20:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1664220f8434fb013a1db8edf76404dba9914384745c043f95acf6d4c55af019.exe

  • Size

    880KB

  • MD5

    fe193becdceebef2cf2fcf6eddbeff82

  • SHA1

    27faa314e1f1a76190318d74e72f04bc5b0e7227

  • SHA256

    1664220f8434fb013a1db8edf76404dba9914384745c043f95acf6d4c55af019

  • SHA512

    c472f16fcc6bd0ddf59833082aa812c311ed16961f144b62fc84ee935875ddd207188979f55c95468e7ee7e64267e29e4ada1f6abb4c796eb030a6ed175c4665

Score
10/10
elysiumstealerpersistencestealer

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    stealerelysiumstealer
  • ElysiumStealer Payload 1 IoCs
  • ElysiumStealer Support DLL 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1664220f8434fb013a1db8edf76404dba9914384745c043f95acf6d4c55af019.exe
    "C:\Users\Admin\AppData\Local\Temp\1664220f8434fb013a1db8edf76404dba9914384745c043f95acf6d4c55af019.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3768-130-0x00000000000D0000-0x00000000001B2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/3768-132-0x0000000004C50000-0x0000000004C51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-131-0x0000000074410000-0x0000000074BC0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3768-133-0x0000000075E40000-0x0000000075F30000-memory.dmp

    Filesize

    960KB

    Download

  • memory/3768-135-0x00000000056F0000-0x0000000005C94000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3768-136-0x0000000005140000-0x00000000051D2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3768-138-0x0000000004C53000-0x0000000004C55000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3768-137-0x00000000050F0000-0x00000000050FA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3768-139-0x0000000004C55000-0x0000000004C56000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3768-140-0x0000000004C56000-0x0000000004C57000-memory.dmp

    Filesize

    4KB

    Download