1d651394cf36cfa82bfa0b76021e89cb0cd6b27b2b81b14cac7625638a9edaca | Triage

Submit
Reports

Overview

overview

8

Static

static

3

FiveM_ExecutorV3.exe

windows7_x64

8

Sharing

General

Target

FiveM_ExecutorV3.bin.zip
Size

13.9MB
Sample

220524-f5c8baahhl
MD5

497e1b6bfed94c54d5e413a33367824a
SHA1

6fb0deb34f01e86c4be2c3f726dd853c85b9cdb6
SHA256

1d651394cf36cfa82bfa0b76021e89cb0cd6b27b2b81b14cac7625638a9edaca
SHA512

65251b1319557d8bbd8064ba6d607496d9ba05e38ae9cca5fbd6988a30099e9680dbe4a0517f8abcb3d5a94791212fb66e71215a4296777efb188a69266515d6

Score

8^/10

discovery persistence pyinstaller spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

FiveM_ExecutorV3.exe

Resource

win7-20220414-es

discovery persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  FiveM_ExecutorV3.bin
- Size
  
  14.1MB
- MD5
  
  a06f87e96c0fea29bc0340057c85c2d6
- SHA1
  
  7bca4154f4d255788870bb6f63b4d84d7c08d228
- SHA256
  
  4c5beda0e06c2d3ddb081b637a5868ef6ea86523e56ac6596cce9cd67b7a0a92
- SHA512
  
  df2132e3cb2f466e89b126c5e0390d14a3d51e2bfc8b3fbcae0b0fe18e702b97d52109e42e9cef68e8434bb2ddb6c43a9adfc28a21f9e325fac7eb10aab42037
Score

8^/10

discovery persistence spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

© 2018-2024

Terms | Privacy