Overview

overview

8

Static

static

file.exe

windows7-x64

8

file.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    7.3MB

  • Sample

    221011-1xre7agdc7

  • MD5

    0a67e5994e4ba1e3bc213cd3d9e036d1

  • SHA1

    8c9d757d853136824faac683d6aafdbd67b03dc6

  • SHA256

    da2f00084624a3a86c88bdaa856548709baa5843916d8c9781d3f68a0070ba19

  • SHA512

    35a7131091dbceea1683d416cbb67585d4576ff81092b39adf1588e0953f2fcd6e108509e066f8ed765b4bb504be9bb60b07f5254e3baaf20089c2b3d78f2282

  • SSDEEP

    196608:91O+zXFS3RnVAAMNMK+KoNdbb8HAd2PGg:3O+woAMNmP8Htz

Score
8/10
spywarestealer

Malware Config

Targets

    • Target

      file.exe

    • Size

      7.3MB

    • MD5

      0a67e5994e4ba1e3bc213cd3d9e036d1

    • SHA1

      8c9d757d853136824faac683d6aafdbd67b03dc6

    • SHA256

      da2f00084624a3a86c88bdaa856548709baa5843916d8c9781d3f68a0070ba19

    • SHA512

      35a7131091dbceea1683d416cbb67585d4576ff81092b39adf1588e0953f2fcd6e108509e066f8ed765b4bb504be9bb60b07f5254e3baaf20089c2b3d78f2282

    • SSDEEP

      196608:91O+zXFS3RnVAAMNMK+KoNdbb8HAd2PGg:3O+woAMNmP8Htz

    Score
    8/10
    spywarestealer

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks