b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17 | Triage

Submit
Reports

Overview

overview

9

Static

static

b2ab87d540...17.exe

windows7-x64

9

b2ab87d540...17.exe

windows10-2004-x64

9

Sharing

General

Target

b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17
Size

3.8MB
Sample

221006-rf9e1aheg6
MD5

e1167cb7f3735d4edec5f7219cea64ef
SHA1

9b32cbdba2f3f40f2072dbeb61b345c910e45b39
SHA256

b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17
SHA512

e62104b529dfb87203ee3f8406259284663e0d7bc2c02836253c2c1788a0798241377e48d4609cc0ec2295028ff171a746b3fe1537c8cc235a1f3981699122a8
SSDEEP

98304:SB/mSwJ/stDHmKRai2+DyAEJ9v00FabNuATit4QqKUiqIa4j1yj:SB/m1/Cfe+i9M0oMP//a48j

Score

9^/10

evasion spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17.exe

Resource

win7-20220812-en

evasion spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17.exe

Resource

win10v2004-20220901-en

evasion spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17
- Size
  
  3.8MB
- MD5
  
  e1167cb7f3735d4edec5f7219cea64ef
- SHA1
  
  9b32cbdba2f3f40f2072dbeb61b345c910e45b39
- SHA256
  
  b2ab87d5408a19b0d65d49b74c0f3d879ac55c3e57117e4117ff500394e2ad17
- SHA512
  
  e62104b529dfb87203ee3f8406259284663e0d7bc2c02836253c2c1788a0798241377e48d4609cc0ec2295028ff171a746b3fe1537c8cc235a1f3981699122a8
- SSDEEP
  
  98304:SB/mSwJ/stDHmKRai2+DyAEJ9v00FabNuATit4QqKUiqIa4j1yj:SB/m1/Cfe+i9M0oMP//a48j
Score

9^/10

evasion spyware stealer
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealer

behavioral2

evasionspywarestealer

© 2018-2025

Terms | Privacy