14957f48f88223038ffe8a431776f42cf5cc80cd606f329055b54974a27b5d37 | Triage

Submit
Reports

Overview

overview

8

Static

static

14957f48f8...37.exe

windows7_x64

8

14957f48f8...37.exe

windows10-2004_x64

8

Sharing

General

Target

14957f48f88223038ffe8a431776f42cf5cc80cd606f329055b54974a27b5d37
Size

4.8MB
Sample

220602-x1m1dsefgk
MD5

4381866a52c954b95d195d4840db8aba
SHA1

9a2522fd00883dd3d63d2ec0538eae55fe49ff9b
SHA256

14957f48f88223038ffe8a431776f42cf5cc80cd606f329055b54974a27b5d37
SHA512

e50d7a5251922b71e3ed902f79d1572686cc019a7946fd2301df3cb4df4daf3dcab5857412ae3d4628480e33e04584702d1e056492682382312d011cce1a9bc0

Score

8^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

14957f48f88223038ffe8a431776f42cf5cc80cd606f329055b54974a27b5d37.exe

Resource

win7-20220414-en

persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

14957f48f88223038ffe8a431776f42cf5cc80cd606f329055b54974a27b5d37.exe

Resource

win10v2004-20220414-en

persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  14957f48f88223038ffe8a431776f42cf5cc80cd606f329055b54974a27b5d37
- Size
  
  4.8MB
- MD5
  
  4381866a52c954b95d195d4840db8aba
- SHA1
  
  9a2522fd00883dd3d63d2ec0538eae55fe49ff9b
- SHA256
  
  14957f48f88223038ffe8a431776f42cf5cc80cd606f329055b54974a27b5d37
- SHA512
  
  e50d7a5251922b71e3ed902f79d1572686cc019a7946fd2301df3cb4df4daf3dcab5857412ae3d4628480e33e04584702d1e056492682382312d011cce1a9bc0
Score

8^/10

persistence spyware stealer
- Drops file in Drivers directory
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer

© 2018-2024

Terms | Privacy