Overview

overview

10

Static

static

08333e6115...f7.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    08333e61156e2ccfd7843a924fb671862fc226c89bf98f20ab95ea6125130ef7.7z

  • Size

    607KB

  • Sample

    220825-tf7yaafcgq

  • MD5

    ceb470552b21ffc5c231d4421b5c6f29

  • SHA1

    cba8fcbd9d16ea021f64c5453fe43fd05c95841b

  • SHA256

    6ade4aba653c82423380ce3d6276c72b28d34641419fda217bf80e28356ec368

  • SHA512

    e4e7b681c024763388eb0fe49254526d9b05d3f5337d38f7dd057fcfd4ac24339e6f2352cc2be2816ddc1760a13d7644b7dd9d368054cc7d99586f6c42117800

  • SSDEEP

    12288:gSK2O112Lo5Es7Gh9H3eqUf7Y7U4LX04TUzYAWQ1MZjI5hdtkgN3fi8q5:O4Ds7GnH0fs7U444TUTWQ10I5jxN3fs5

Score
10/10
discoveryevasionpersistencespywarestealer

Malware Config

Targets

    • Target

      08333e61156e2ccfd7843a924fb671862fc226c89bf98f20ab95ea6125130ef7

    • Size

      910KB

    • MD5

      39fef85fe114d96dde745b8ce0659b2e

    • SHA1

      c30e2b541a5268f731824342dc3c3c02671891d7

    • SHA256

      08333e61156e2ccfd7843a924fb671862fc226c89bf98f20ab95ea6125130ef7

    • SHA512

      b5ecb8f469ed8ea2b351b7333356b15f0c73e3101052aa2dbcda8db00b9eabf94f1523601cab71dadb5ac83581f18c76f43ff704355be96af0a981567b9f6bab

    • SSDEEP

      12288:SEiLRLvq1HB+OP6YyUCRXXzE4tyMgq/q7dps1XG2YZhH30DVUr0JImhySZP9ZerJ:StRLvGTK1RzE4t7D1Y4VUwJ77P4J

    Score
    10/10
    discoveryevasionpersistencespywarestealer

    • Modifies security service

      evasion

    • Modifies system executable filetype association

      persistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • Uses Session Manager for persistence

      Creates Session Manager registry key to run executable early in system boot.

      persistence

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Modifies WinLogon

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Modify Existing Service

1
T1031

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

3
T1060

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

7
T1112

Install Root Certificate

1
T1130

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

5
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

6
T1082

Process Discovery

1
T1057

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks