General

  • Target

    dbeaver-ce-latest-x86_64-setup.zip

  • Size

    942KB

  • Sample

    220916-n8f3daffh4

  • MD5

    078b0918845121f8e1532288bb69350e

  • SHA1

    c2d108050d07bd333083a7afc693e2c7b594ee64

  • SHA256

    7cc54d94803352e292df7ac2ad5f667af84bad3a9fdc2adfd4f4d0f9077686f5

  • SHA512

    d0f47e2a95cff2dbc300b2e23c54f1d9ef4476f0c84ab16a90fb405d6e0afb0599465bffa65cc30d0bc944f262629bea7f3a9edd03818a8a8531f8095f1de384

  • SSDEEP

    6144:5u4T1tdf4D5NExQ7jXF5bZqH4J1xDIFGUr:VtIzqQXtJDUr

Malware Config

Extracted

  • Family

    coldstealer

  • Botnet

    Exceptions.log

  • C2

    https://

Targets

    • Target

      dbeaver-install.exe

    • Size

      689.6MB

    • MD5

      9038cf661fc1d38ac380a7136f2c75bd

    • SHA1

      e5a2182854c1cb12e590b15b533f5e7025954ac8

    • SHA256

      92aa315eccc14f51527282fc52bb8f3ed380d445484457e9ecbb131485180fd8

    • SHA512

      1342b7f9f24e4e6b3bbc1fd18eee1d2e20543c6da38220e7baed7cab1617abc0de6cf88e3895d0ca569a9a10fbf57621d418f9c37d50b1d764a2f17cc05a0e19

    • SSDEEP

      6144:KJeo/N0YO3NExQ7jLF5bZwH4Jz1qcZmx9s:UP/yYO9qQXDJprZx

    • Cold Stealer

      An info stealer written in C#, first seen in Feb 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                       Count  ID
  -----------------  ------------------------------  -----  -----
  Defense Evasion    Install Root Certificate        1      T1130
  Defense Evasion    Modify Registry                 1      T1112
  Credential Access  Credentials in Files            1      T1081
  Discovery          Query Registry                  2      T1012
  Discovery          System Information Discovery    1      T1082
  Collection         Data from Local System          1      T1005