e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220 | Triage

Submit
Reports

Overview

overview

Static

static

e6696435c5...20.exe

windows7_x64

e6696435c5...20.exe

windows10-2004_x64

8

Sharing

General

Target

e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220
Size

576KB
Sample

220521-b2q8jsfhgk
MD5

0103c868e27888648c251500988261fb
SHA1

bf4a68ce150b9c81a90f19614d8897ffb7e096fb
SHA256

e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220
SHA512

484d5d13efd3e8c750f206159e739dad5fb9e37e98f8160dcbbe750d7c647488932a1e88e5d3fffac8b81d1ab0133864beb36faef4cfd38cc6d05529b8e68cea

Score

10^/10

ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220.exe

Resource

win7-20220414-en

ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
t.pl
Port:
587
Username:
[email protected]
Password:
wSe4rftg6y7sedrftgy

Targets

- Target
  
  e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220
- Size
  
  576KB
- MD5
  
  0103c868e27888648c251500988261fb
- SHA1
  
  bf4a68ce150b9c81a90f19614d8897ffb7e096fb
- SHA256
  
  e6696435c5e386f8c978a7681a4f68c65e749c16c10f79e4956c5a39fed83220
- SHA512
  
  484d5d13efd3e8c750f206159e739dad5fb9e37e98f8160dcbbe750d7c647488932a1e88e5d3fffac8b81d1ab0133864beb36faef4cfd38cc6d05529b8e68cea
Score

10^/10

ransomware spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Defacement

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

© 2018-2024

Terms | Privacy