be046a6be7cfe66e0d6a1592b312fbc1e16ce833c8f1195f1498a8ea7dbe7102 | Triage

Submit
Reports

Overview

overview

8

Static

static

be046a6be7...02.exe

windows7-x64

8

be046a6be7...02.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

be046a6be7cfe66e0d6a1592b312fbc1e16ce833c8f1195f1498a8ea7dbe7102
Size

1.4MB
Sample

221011-mtf86aahcj
MD5

e58332e1693be6fa8882b50ae104d196
SHA1

aaf681e0db2bf39610c03e018639ce6e462e0003
SHA256

be046a6be7cfe66e0d6a1592b312fbc1e16ce833c8f1195f1498a8ea7dbe7102
SHA512

11e0782501a8cad5ea5071fda9862b4051f65a3af2cd7397ec193c57cc0c8a1326b7e5f60ec0f33a933577c5157b20bbe8610e921adb4b89a72cb857b64c7953
SSDEEP

24576:XXy0dTzUw+cp2bLm/NGVQ2RGW6MLZc8hPCApx+hOgZjlAb3vC70YKUoI7Fl7+iO:XikACp2XmFGKWCApxO1RAb3S4pYFl7+i

Score

8^/10

discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

be046a6be7cfe66e0d6a1592b312fbc1e16ce833c8f1195f1498a8ea7dbe7102.exe

Resource

win7-20220812-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

be046a6be7cfe66e0d6a1592b312fbc1e16ce833c8f1195f1498a8ea7dbe7102.exe

Resource

win10v2004-20220812-en

discovery persistence spyware stealer

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  be046a6be7cfe66e0d6a1592b312fbc1e16ce833c8f1195f1498a8ea7dbe7102
- Size
  
  1.4MB
- MD5
  
  e58332e1693be6fa8882b50ae104d196
- SHA1
  
  aaf681e0db2bf39610c03e018639ce6e462e0003
- SHA256
  
  be046a6be7cfe66e0d6a1592b312fbc1e16ce833c8f1195f1498a8ea7dbe7102
- SHA512
  
  11e0782501a8cad5ea5071fda9862b4051f65a3af2cd7397ec193c57cc0c8a1326b7e5f60ec0f33a933577c5157b20bbe8610e921adb4b89a72cb857b64c7953
- SSDEEP
  
  24576:XXy0dTzUw+cp2bLm/NGVQ2RGW6MLZc8hPCApx+hOgZjlAb3vC70YKUoI7Fl7+iO:XikACp2XmFGKWCApxO1RAb3S4pYFl7+i
Score

8^/10

persistence discovery spyware stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistencespywarestealer

© 2018-2025

Terms | Privacy