d8458568836e79d02861dc6d6f8059ab9de9a61155d93742130f93b7876f75ca

Resubmissions

17/09/2022, 03:28

220917-d1r5kahag5 10

16/09/2022, 14:08

220916-rfjvcabfgj 10

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

7KB
Sample

220917-d1r5kahag5
MD5

a5bd9267f79bbe5b8232b313b0142b66
SHA1

5b78b2c8b591e547683b30825e39e5109f3d129b
SHA256

d8458568836e79d02861dc6d6f8059ab9de9a61155d93742130f93b7876f75ca
SHA512

fa809a41bbcdfa00e0b719fa14d8b860599418d7313e800db152924ee35db1bad71eef628ae470e004a12a6a73023cffaa7380df51a8c551445e2bc1bc38e214
SSDEEP

96:pTPAOxXkjVXN27Xk9TAev27Pso6Qh0lxT+D0l1vDic48h:p8OdkjhN2Y9Jvlobh0lxT+D0PvDi

Score

10^/10

spyware stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://search-dl3.com/reginst/btf/00000000000000000000000000000000/00000000000000000000000000000000/10/?i=103

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://search-dl3.com/staticpr/103.zip

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://search-dl3.com/reginst/btf/00000000000000000000000000000000/00000000000000000000000000000000/20/?i=103&uuid=c2bcbb9f&idbr=1

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://search-dl3.com/reginst/btf/00000000000000000000000000000000/00000000000000000000000000000000/30/?i=103&uuid=c2bcbb9f&idbr=2

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://search-dl3.com/reginst/btf/00000000000000000000000000000000/00000000000000000000000000000000/20/?i=103&uuid=89c4027a&idbr=1

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://search-dl3.com/reginst/btf/00000000000000000000000000000000/00000000000000000000000000000000/20/?i=103&uuid=89c4027a&idbr=2

Targets

- Target
  
  file.exe
- Size
  
  7KB
- MD5
  
  a5bd9267f79bbe5b8232b313b0142b66
- SHA1
  
  5b78b2c8b591e547683b30825e39e5109f3d129b
- SHA256
  
  d8458568836e79d02861dc6d6f8059ab9de9a61155d93742130f93b7876f75ca
- SHA512
  
  fa809a41bbcdfa00e0b719fa14d8b860599418d7313e800db152924ee35db1bad71eef628ae470e004a12a6a73023cffaa7380df51a8c551445e2bc1bc38e214
- SSDEEP
  
  96:pTPAOxXkjVXN27Xk9TAev27Pso6Qh0lxT+D0l1vDic48h:p8OdkjhN2Y9Jvlobh0lxT+D0PvDi
Score

10^/10

spyware stealer
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops Chrome extension
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Blocklisted process makes network request

Drops file in Drivers directory

Executes dropped EXE

Checks computer location settings

Reads user/profile data of web browsers

Drops Chrome extension

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2