Overview

overview

10

Static

static

INV_2020.exe

windows7_x64

10

INV_2020.exe

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15d3b7ae0f5586fa70da1da483dac816f2cdfc464c558c0426707e4a86443e0d

  • Size

    1.2MB

  • Sample

    220521-bx5v5sfgap

  • MD5

    4565974075139d6d914f39177605505b

  • SHA1

    0ec26fa268fb3c3655be95422598840faaee689e

  • SHA256

    15d3b7ae0f5586fa70da1da483dac816f2cdfc464c558c0426707e4a86443e0d

  • SHA512

    eaa025b451047a91ca51d4ea4bdd6a6c6b46f7613f56e24df2a41692964d0f436461434b394b85d4668f67e248d5338735093d566a3f94ce32ca86969038f52d

Score
10/10
404keyloggerkeyloggerpersistencestealer

Malware Config

Targets

    • Target

      INV_2020.EXE

    • Size

      311KB

    • MD5

      032e8660388186848cda8c3955f53202

    • SHA1

      356a668840a4dc5fc9a209189ffed7a462c8633a

    • SHA256

      24b2017e1fe4fa3f2616c1465cdb707abf300800da51ca3158580be6207876d8

    • SHA512

      042ebc16e9f0c1b3ad55278b9a5f095415aef6266d3a6ce7047450fb2e3479294435ec544b7eee542427feb160cc1700c6a62babd9664fb14aa546146f4d9e30

    Score
    10/10
    404keyloggerkeyloggerpersistencestealer

    • 404 Keylogger

      Information stealer and keylogger first seen in 2019.

      stealerkeylogger404keylogger

    • 404 Keylogger Main Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks