Overview

overview

7

Static

static

Builder.exe

windows10-1703-x64

1

Builder.exe

windows10-2004-x64

1

Builder.exe

windows10-1703-x64

1

Builder.exe

windows10-2004-x64

1

Stub/stub.exe

windows10-1703-x64

7

Stub/stub.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    stealerium.zip

  • Size

    2.0MB

  • Sample

    220806-pa7m4seeap

  • MD5

    a8efcbaef20292af12f246dc1d124bde

  • SHA1

    976b9739612c2c0c54d278aea67006449dc0bbda

  • SHA256

    fdbdb566dabed7e26f4888cabb7c9230e96bea7f6bb44bd570ba87efc0368099

  • SHA512

    03c2e1de149813640bd9b86710496c9b941de4e9c37881e4e42841b9961f86b34819818c88d2c26c967643cb86b58330f9596b5d6db98e4a2304578f2ac66a4d

Score
7/10
microsoftphishing

Malware Config

Targets

    • Target

      Builder.dll

    • Size

      13KB

    • MD5

      d70e30839037f4d680d1796af6c7cba2

    • SHA1

      590abe950e12862f4512e59f380a45b8cddc4eb9

    • SHA256

      1aa1e67828a71392d9fdccb43990b9a856798689e6662d212eaafebc4cb18f19

    • SHA512

      b6076c96ed2d993fee6fb0abe983707d77be36f9c191c519cd03863b88e500920054fd16cdca00a2669d927bdd2d5e903b6426ed0073e9a0b9877dfc5b68c392

    Score
    1/10
    behavioral1behavioral2

    • Target

      Builder.exe

    • Size

      145KB

    • MD5

      0811626b7adf6455106e6ef9965af9ae

    • SHA1

      93377904329548d4984ce49384f90ee57210edeb

    • SHA256

      ad07837e851a65f21b6516ada739ba5b11926965ef7dd2f9423d4e12601335af

    • SHA512

      bdfd0ae70f18f152ade3e19d1cd0349fba21a0253a8527ec1f9b33f08c0ca5dab0801a4d75f31d114d630e9087fabfa1fcf4dd033cedf305d48d9164a1a3e332

    Score
    1/10
    behavioral3behavioral4

    • Target

      Stub/stub.exe

    • Size

      1.5MB

    • MD5

      cd57f9b56a059ce65666c2ee267f1f2a

    • SHA1

      e1c2e55dfcacf1605fa3f75b81d05bde25986aa6

    • SHA256

      f74dc7d939e1a44cd57d25d28e57c41a95e7080098bc1b37118ef8f51f6e2e36

    • SHA512

      fa91e2b2bbddd9016d9f02dc6db33482aa3707db1596236f5cbe00837ba87926801f1ff1ce302e6eb3e2ad0fa8a528e7a9256e34ca1ee2249d6ef12c17d8408d

    Score
    7/10
    microsoftphishing

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Detected potential entity reuse from brand microsoft.

      phishingmicrosoft
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks