General

  • Target: 11f8a26affde505645a82fa141de07a622b9adc0285789596d4c077327028f14.zip
  • Size: 197KB
  • Sample: 220916-pa55aabdfq
  • MD5: 8a54e6516f61093054e134e93b737b44
  • SHA1: c73f21d25a170855f1b24d9fd900414d9a5dd045
  • SHA256: 90fe1ffe04b1491947fe9cbc039ebc896f1299a2d623ccb75a91d276cf545766
  • SHA512: 8aa341732064f317688584e7e4b1ee998de8c93e87069074f5ee8e02dd0d59f8bbf0ba354b00310543d01309b3ca8d645036bb48bcbaadb8c12fff09a1711fab
  • SSDEEP: 6144:ZMYONDq/hn/Ua2+OeLOIHz80rraRgO1zAGR1:ZMYn/Ua2+OKOIHz80rhOJHn

Malware Config

Extracted

  • Family: coldstealer
  • Botnet: Exceptions.log
  • C2: https://

Targets

    • Target: trimmed_1663329827_dbeaver-install.exe
    • Size: 209KB
    • MD5: 40d322d24c17aac5a6c3c10d20acedf3
    • SHA1: be6ca8d13ef8f597c1f5c859fa2e304061699d30
    • SHA256: 11f8a26affde505645a82fa141de07a622b9adc0285789596d4c077327028f14
    • SHA512: 58fef212a5c23a78ea386b0b588b50ff3d64aa885ade43b2c7ca958c52de711578d1ab65fd31945dd5d9ed2cc6ad0975cb13785ce555f80beb6ace5bbe0b2b86
    • SSDEEP: 3072:K4a5qEIlqf/NgnYi3xAWNvjeg0xOHjxrrVj5dptJU3bKSQFbz0swH4sEf3dV1qcV:KJeo/N0YO3NExQ7jLF5bZwH4Jz1qcZm

    • Cold Stealer

      An info stealer written in C#, first seen in Feb 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion
      Install Root Certificate (T1130): 1
      Modify Registry (T1112): 1
  • Credential Access
      Credentials in Files (T1081): 1
  • Discovery
      Query Registry (T1012): 2
      System Information Discovery (T1082): 1
  • Collection
      Data from Local System (T1005): 1
