de3e916b84e5baab191cb54d4e9d810e513939736d5e1b7b43ce54bba7cde10c | Triage

Submit
Reports

Overview

overview

Static

static

Setup.exe

windows10-2004_x64

Resubmissions

07-02-2023 08:52

230207-ksqebsdg7t 10

24-05-2022 05:22

220524-f2lehsfeg4 10

02-05-2022 08:03

220502-jxq1zseee4 10

Sharing

General

Target

Setup.exe
Size

310KB
Sample

220524-f2lehsfeg4
MD5

019ac2c608d79f6fe1f20ad235b1cad8
SHA1

637ddc1db076c63e94af222b331fa236008f6e5d
SHA256

de3e916b84e5baab191cb54d4e9d810e513939736d5e1b7b43ce54bba7cde10c
SHA512

05404fd9dcb938477f90efa5a8f9e08dda8403041a4bc68babfc11b16ca5c601baccbbedbcedd8ec6cee53b99a12acf9773b1d7f877307060172391999c077f4

Score

10^/10

evasion spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win10v2004-20220414-es

evasion spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  310KB
- MD5
  
  019ac2c608d79f6fe1f20ad235b1cad8
- SHA1
  
  637ddc1db076c63e94af222b331fa236008f6e5d
- SHA256
  
  de3e916b84e5baab191cb54d4e9d810e513939736d5e1b7b43ce54bba7cde10c
- SHA512
  
  05404fd9dcb938477f90efa5a8f9e08dda8403041a4bc68babfc11b16ca5c601baccbbedbcedd8ec6cee53b99a12acf9773b1d7f877307060172391999c077f4
Score

10^/10

evasion spyware stealer suricata trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- suricata: ET MALWARE Win32/Spy.Socelars.S CnC Activity M3
  suricata: ET MALWARE Win32/Spy.Socelars.S CnC Activity M3
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy