Overview

overview

10

Static

static

86369c364f...04.exe

windows7_x64

10

86369c364f...04.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86369c364f0c54c6cf3db45e943784dae2a9d2c888ea2944ca561d3bd7283f04

  • Size

    1.6MB

  • Sample

    220521-at8xysagf8

  • MD5

    22e4e3046152ff6f2a4ac8d4d0480afc

  • SHA1

    10d9dd8dc02e63922baf2492edbb1e9f2eb22f69

  • SHA256

    86369c364f0c54c6cf3db45e943784dae2a9d2c888ea2944ca561d3bd7283f04

  • SHA512

    c1d15ccca76826c2e7a0398e0d4868afde2ae7e1bdc971884c5a22e1c79904c339b763250ef35502b3045481e8e802a529437f9916b3fe4a5319fdeda38985f2

Score
10/10
evasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      86369c364f0c54c6cf3db45e943784dae2a9d2c888ea2944ca561d3bd7283f04

    • Size

      1.6MB

    • MD5

      22e4e3046152ff6f2a4ac8d4d0480afc

    • SHA1

      10d9dd8dc02e63922baf2492edbb1e9f2eb22f69

    • SHA256

      86369c364f0c54c6cf3db45e943784dae2a9d2c888ea2944ca561d3bd7283f04

    • SHA512

      c1d15ccca76826c2e7a0398e0d4868afde2ae7e1bdc971884c5a22e1c79904c339b763250ef35502b3045481e8e802a529437f9916b3fe4a5319fdeda38985f2

    Score
    10/10
    evasionpersistencespywarestealertrojan

    • Modifies visibility of file extensions in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks