c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0

Analysis

max time kernel
4294179s
max time network
124s
platform
windows7_x64
resource
win7-20220311-en
submitted
14-03-2022 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe
Size

552KB
MD5

2a3415ff37c6f1b5513c9b0c2195b9c4
SHA1

37ac33429ba6e0391e8dab7dd1ca350801110b74
SHA256

c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0
SHA512

278900181fa9a80a4d30fb34d7b0e4829c57694bee3d693e3714a4eaf1ca62d5c6310f230064b7d443b356c5a30089ff566afa11d3f2256a16ca736c6a6d928a

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

6 bot.whatismyipaddress.com

flow	ioc
6	bot.whatismyipaddress.com

C:\Users\Admin\AppData\Local\Temp\c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe
"C:\Users\Admin\AppData\Local\Temp\c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe"
1⤵
PID:296

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/296-54-0x0000000076851000-0x0000000076853000-memory.dmp

Filesize
8KB

Download
memory/296-55-0x0000000074A80000-0x000000007502B000-memory.dmp

Filesize
5.7MB

Download
memory/296-56-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/296-57-0x0000000074A80000-0x000000007502B000-memory.dmp

Filesize
5.7MB

Download
memory/296-58-0x0000000000481000-0x0000000000482000-memory.dmp

Filesize
4KB

Download