Analysis

max time kernel: 112s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-10-2022 23:03

Static task: static1
Behavioral task: behavioral1
Sample: 1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea.exe
Resource: win7-20220901-en
General

Target: 1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea.exe
Size: 148KB
MD5: 2360f157b3a648812b9abd132093e117
SHA1: f642a4a9923c3f0b321bf0affad010f98823f823
SHA256: 1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea
SHA512: 15ae6d26cf792fd0e254f10ede5e61c5c531274de749974c13c85a1b69e618dd9306e53533c4593aad19b6cc5fde6fcabf21c62af8295159687fa4990e908abb
SSDEEP: 3072:xdJ2Pxrgj4sHW/RvKWl3uSlVZUMf8G0iA6jq1BSKN+cAe+WXy2y:LIxrgj4sHoKWVumVZnf8Gs6GnNHIl
Malware Config

Extracted family: erbium
C2: http://77.73.133.53/cloud/index.php
Signatures

Downloads MZ/PE file

Loads dropped DLL (4 IoCs)
pid   Process
1532  1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea.exe
1532  1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea.exe
1532  1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea.exe
1532  1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea.exe

Reads user/profile data of web browsers (2 TTPs)
Infostealers commonly harvest stored browser data, which can include saved credentials.

Legitimate hosting services abused for malware hosting/C2 (1 TTP)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
1532  1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea.exe
1532  1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea.exe
MITRE ATT&CK Enterprise v6
Downloads

Filesize: 669KB
MD5: ed6249f72ba742802b2fa3ef20900d18
SHA1: 6e50eec3f0b13ff71f86ffc46cf7a1d079381bf3
SHA256: a5396eba9d0564f4bcbafd5a8c4a4019b4b50a5c70a42aef5491a230d21f2922
SHA512: 6da4cd5642becef120dbde2d070332d08bf5779bc0ffe66bf3cc51ca13db5619ee0b4f8fe3bc897c1876614a2512b2598f5d1c372764dd18b474081004d87c98

Filesize: 627KB
MD5: 5d59e053d45049ffb8c6c08d8944e30c
SHA1: 292f748d5e326143c3233e9d290087337700d606
SHA256: bcbf8c8ba4386b7716d5481ef9d089b9448990736d3eebdcfa611a09045c3ec3
SHA512: 0f8b1c9c30d7b71fb7560377e5895c7bd15d71928c34465b1dde31ae770b6d38d5bac4d34ef4add9e08b72f2b9ea53958f167b0690fa0731af205528512a987b

Filesize: 2.0MB
MD5: 05ed4ffbf6b785750d2cdacca9287f10
SHA1: 579c656536ce9cd076fc790cf443caf3a8db5b8f
SHA256: 0bce97e8f6cc435250fb6aea0441e4146c7c8f8d90a9b1e76dfabd8701bfd882
SHA512: dddabf3ab629ec5b15e879f90d5f9bb69d6a8b47222989d3e683cbc8a6d4072740a5c5db05952d236529dfdde645990d21a4a9b32c4419ace9e2fe409fce4f01

Filesize: 251KB
MD5: 3a59b504f6c41324b0d6cb6edbe3ad61
SHA1: 2b3aff110badd913d221605d2f01638473dc5756
SHA256: c10801dba6c50237dba700fe2be920f091792e45c32e00db7c63c2c19a35f3a5
SHA512: 56c9b7d4afcf8666aedaf55f819b799f2d84bc0736e0c431973114ae760da57209041785b7894f8b6d8d3e70bf040db68f7a95fcbb419fb6c44b70266eecc02d
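Added example (not part of this report and not code from the Erbium sample): a small Python IoC matcher that takes the SHA-256 values of the submitted sample and the four downloaded payloads, plus the extracted C2 URL, and (a) hashes every file under a directory against them, flagging any file that carries an MZ/PE header, and (b) checks proxy-log lines for contact with the C2 host. The scanned directory, the minimal MZ/PE stub and the log lines are constructed here for the demonstration, and the "timestamp client method url status" log format is an assumption, not a format the report documents.

```python
import hashlib
import os
import struct
import tempfile
from urllib.parse import urlparse

# SHA-256 values copied from the report: the submitted sample and the four
# payloads listed under "Downloads".
IOC_SHA256 = {
    "1f26ea6b5d9277173f02da194d72089de9b5cc86619c49e43c6f48631eb192ea": "submitted sample (148KB)",
    "a5396eba9d0564f4bcbafd5a8c4a4019b4b50a5c70a42aef5491a230d21f2922": "download 1 (669KB)",
    "bcbf8c8ba4386b7716d5481ef9d089b9448990736d3eebdcfa611a09045c3ec3": "download 2 (627KB)",
    "0bce97e8f6cc435250fb6aea0441e4146c7c8f8d90a9b1e76dfabd8701bfd882": "download 3 (2.0MB)",
    "c10801dba6c50237dba700fe2be920f091792e45c32e00db7c63c2c19a35f3a5": "download 4 (251KB)",
}

# Erbium C2 from the extracted config; the host is matched on its own so a
# different path on the same server still raises an alert.
C2_URL = "http://77.73.133.53/cloud/index.php"
C2_HOST = urlparse(C2_URL).hostname


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so multi-megabyte payloads are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def is_pe(data):
    """True when data starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_pe_file(path):
    with open(path, "rb") as f:
        return is_pe(f.read())


def scan_directory(root):
    """Walk root; return (hash_hits, pe_files) for the report's IoCs."""
    hash_hits, pe_files = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            label = IOC_SHA256.get(sha256_file(path))
            if label:
                hash_hits.append((path, label))
            if is_pe_file(path):
                pe_files.append(path)
    return hash_hits, pe_files


def match_log_line(line):
    """Assumed log format: 'timestamp client method url status'.
    Returns 'c2-exact' for the config URL, 'c2-host' for any other URL on the
    C2 host, and None otherwise."""
    parts = line.split()
    if len(parts) < 4:
        return None
    url = parts[3]
    if url == C2_URL:
        return "c2-exact"
    if urlparse(url).hostname == C2_HOST:
        return "c2-host"
    return None


def minimal_pe_stub():
    """Constructed 68-byte MZ/PE stub (headers only) standing in for a dropped file."""
    buf = bytearray(0x44)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew -> offset 0x40
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


def demo_scan():
    """Write the constructed stub into a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "stub.bin"), "wb") as f:
            f.write(minimal_pe_stub())
        return scan_directory(tmp)


if __name__ == "__main__":
    print(demo_scan())
    # Constructed proxy lines: one C2 POST, one other request to the same host, one benign.
    for line in [
        "1665702180 10.0.0.5 POST http://77.73.133.53/cloud/index.php 200",
        "1665702181 10.0.0.5 GET http://77.73.133.53/cloud/other.php 200",
        "1665702182 10.0.0.5 GET http://example.invalid/ 200",
    ]:
        print(match_log_line(line), line)
```

The stub in the demo is not one of the report's payloads, so the scan reports it only as a PE file and not as a hash hit; pointing the scanner at a directory that holds the real downloads would return the matching labels. The MD5 and SHA-1 values in the report are left out of the lookup on purpose, since SHA-256 is the one practitioners should match on.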