5d592428f6e87f83a8442291174848db4d2290677db523b164305197af14c6fa | Triage

Submit
Reports

Overview

overview

7

Static

static

5d592428f6...fa.exe

windows7-x64

7

5d592428f6...fa.exe

windows10-2004-x64

7

Sharing

General

Target

5d592428f6e87f83a8442291174848db4d2290677db523b164305197af14c6fa
Size

292KB
Sample

220731-3s1t6seffk
MD5

19d05b827b453bad3b72b0971de776d4
SHA1

4be09277419c925d250f5b7c874af600e91fd8a4
SHA256

5d592428f6e87f83a8442291174848db4d2290677db523b164305197af14c6fa
SHA512

3f175aaf55e24c1eff19b662af35f5352cfc8732f72b98c921407d5918b30a907640c9ba7624556cd52adf463d0fdc58fed867f84fb7a6396f3621acfcd560fb

Score

7^/10

collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5d592428f6e87f83a8442291174848db4d2290677db523b164305197af14c6fa.exe

Resource

win7-20220718-en

collection spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

5d592428f6e87f83a8442291174848db4d2290677db523b164305197af14c6fa.exe

Resource

win10v2004-20220721-en

collection spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  5d592428f6e87f83a8442291174848db4d2290677db523b164305197af14c6fa
- Size
  
  292KB
- MD5
  
  19d05b827b453bad3b72b0971de776d4
- SHA1
  
  4be09277419c925d250f5b7c874af600e91fd8a4
- SHA256
  
  5d592428f6e87f83a8442291174848db4d2290677db523b164305197af14c6fa
- SHA512
  
  3f175aaf55e24c1eff19b662af35f5352cfc8732f72b98c921407d5918b30a907640c9ba7624556cd52adf463d0fdc58fed867f84fb7a6396f3621acfcd560fb
Score

7^/10

collection spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionspywarestealer

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy